General

  • Target

    2045e9523d88e136848364cffe66aaa35ed9ebf0a14393dc08b649b053cf872d

  • Size

    180KB

  • Sample

    191213-h57lb5h5gn

  • MD5

    c7952d6dd6e24858f4d2519d9e37a7d9

  • SHA1

    4e7a70c53038602ca6d7e992304c3b90dbd184f5

  • SHA256

    2045e9523d88e136848364cffe66aaa35ed9ebf0a14393dc08b649b053cf872d

  • SHA512

    7115730dca863e9bcc03e8e6b68b94a9c119805b6f6acf9512eec907eaa05d4afc6f28b93c39022baf7ed1f024953059f2f69b2cc68854c3e280f3385805bd70

Score
8/10

Malware Config

Extracted

Language   Source        URLs
ps1        exe.dropper   http://birdlandonetoone.com/blogs/xth90m/
           exe.dropper   http://generalpro.com/_private/a/
           exe.dropper   http://kuznetsov.ca/thumbs/y/
           exe.dropper   http://horal.sk/2016/YO/
           exe.dropper   http://indrikov.com/in_velox_libertas/bj/

Targets

    • Target

      2045e9523d88e136848364cffe66aaa35ed9ebf0a14393dc08b649b053cf872d

    • Size

      180KB

    • MD5

      c7952d6dd6e24858f4d2519d9e37a7d9

    • SHA1

      4e7a70c53038602ca6d7e992304c3b90dbd184f5

    • SHA256

      2045e9523d88e136848364cffe66aaa35ed9ebf0a14393dc08b649b053cf872d

    • SHA512

      7115730dca863e9bcc03e8e6b68b94a9c119805b6f6acf9512eec907eaa05d4afc6f28b93c39022baf7ed1f024953059f2f69b2cc68854c3e280f3385805bd70

    Score
    8/10
    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix ATT&CK v6

Tactic      Technique                       Count   ID
Discovery   Query Registry                  3       T1012
Discovery   System Information Discovery    3       T1082

Tasks