General

  • Target: 9e41bad2948eadda33dfc16e75a5e50e3e0d0babfa0767ec62357c94962ac7cb
  • Size: 207KB
  • Sample: 191220-xlsv9tw8mx
  • MD5: ba1b44b3c93997dd8a26e8ceda143a91
  • SHA1: 6784b653562ff607432934c1d6f8771f2ec4ce2f
  • SHA256: 9e41bad2948eadda33dfc16e75a5e50e3e0d0babfa0767ec62357c94962ac7cb
  • SHA512: 9c1c3149de8f5178b3b4d376f002d2127418c9639d0d23302a968473afb6561cbbd496be8dd269b14f21bd7bc4299cbc7b1eb8c0c3689c49ec17f22fe84aee12

Score: 10/10

Malware Config

Extracted

Language: ps1
Source: exe.dropper
URLs:
  • https://citationvie.com/wp-includes/F4E7VRR/
  • https://tapucreative.com/wp-admin/ds54af/
  • http://driventodaypodcast.com/megaphone/wrm/
  • http://datrangsuc.com/wp-admin/Szzu2WcG/
  • http://nguyenquocltd.com/wp-content/p7dl/

Targets

    Score: 10/10
    • Process spawned unexpected child process
    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery
  • Query Registry: T1012 (2)
  • System Information Discovery: T1082 (2)
