9fad5afc424df291ee9109a6b261f565d68c2f245b0afa715f0551e82930e157 | Triage

Sharing

General

Target

9fad5afc424df291ee9109a6b261f565d68c2f245b0afa715f0551e82930e157
Size

201KB
Sample

191218-3em72zhv3n
MD5

87465c4e347a68a09fa367ce2196b9d1
SHA1

8ea255d400ebebb7537fc81cc0c3ddb6562312d0
SHA256

9fad5afc424df291ee9109a6b261f565d68c2f245b0afa715f0551e82930e157
SHA512

211595df66db06cd027f8e3dd53ae59b1512ae6f9f952edcd9b53fe5eafc4d9ea682f061b073c985d012b148bbea48f3bee393017eaeac19fecca2c88534362e

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://silverswiss.com/wp-includes/t5gp93/

exe.dropper

http://golford.com/wp-includes/nhens61255/

exe.dropper

https://limraitech.com/wp/2uknv7403/

exe.dropper

http://wdbusinessconsultant.com/wp-includes/uzse8/

exe.dropper

https://traceidentified.com/ranchLib/g5ynhrm62391/

Targets

- Target
  
  9fad5afc424df291ee9109a6b261f565d68c2f245b0afa715f0551e82930e157
- Size
  
  201KB
- MD5
  
  87465c4e347a68a09fa367ce2196b9d1
- SHA1
  
  8ea255d400ebebb7537fc81cc0c3ddb6562312d0
- SHA256
  
  9fad5afc424df291ee9109a6b261f565d68c2f245b0afa715f0551e82930e157
- SHA512
  
  211595df66db06cd027f8e3dd53ae59b1512ae6f9f952edcd9b53fe5eafc4d9ea682f061b073c985d012b148bbea48f3bee393017eaeac19fecca2c88534362e
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
- Modifies system certificate store
  evasion spyware trojan
task1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

evasionspywaretrojan