General

  • Target

    8a2ad4aa38fdecf72f89cf9789ae280ae7c76b82ba1b5b31f6a799050b7ed47b

  • Size

    174KB

  • Sample

    191213-nzhd71gz22

  • MD5

    8a49f1efd53e7b4724e49d5f4b2780b1

  • SHA1

    f2c13824266271d3019e53b0725c9341af0bf373

  • SHA256

    8a2ad4aa38fdecf72f89cf9789ae280ae7c76b82ba1b5b31f6a799050b7ed47b

  • SHA512

    0fd53d1ae221959637e7d709d67272d952ccd5e07c211f9343adf0ca591d7d4300dce501a82faa534a1effe011d990907cbf17458c8a2ea615c307f77ac98003

Score
8/10

Malware Config

Extracted

Language: ps1

Source URLs (exe.dropper):

  • http://osyron.com/css/yASnV04o/

  • http://parkysplace.com/images/d5b8/

  • http://shreeharisales.org/wp-admin/81muyx/

  • http://aviationinsiderjobs.com/wp-includes/EMtgs/

  • http://www.lagarehombourg.be/wp-content/TLx/

Targets

    • Target

      8a2ad4aa38fdecf72f89cf9789ae280ae7c76b82ba1b5b31f6a799050b7ed47b

    • Size

      174KB

    • MD5

      8a49f1efd53e7b4724e49d5f4b2780b1

    • SHA1

      f2c13824266271d3019e53b0725c9341af0bf373

    • SHA256

      8a2ad4aa38fdecf72f89cf9789ae280ae7c76b82ba1b5b31f6a799050b7ed47b

    • SHA512

      0fd53d1ae221959637e7d709d67272d952ccd5e07c211f9343adf0ca591d7d4300dce501a82faa534a1effe011d990907cbf17458c8a2ea615c307f77ac98003

    Score
    8/10
    • Executes dropped EXE

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 3

Tasks