Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Docs_4b3c7c2d6627b2a8dce9f1c50e08e144.html

  • Size

    161KB

  • Sample

    191223-kxjvlygnhj

  • MD5

    4b3c7c2d6627b2a8dce9f1c50e08e144

  • SHA1

    2329e62f3a54120036e86313f6f42c1a8a2b1513

  • SHA256

    e8ca6c66c79cca9404a9f6a6920ff02010dc799435381a97fd5c57cf0c3abb41

  • SHA512

    98bc5a5710bda76740e77f099da7bc69246ffce73fa4f251d6e66876a126793ff3db97aacee0ef24a78e7b26fc54d964c45daa5527cd704b06dce77b96e06992

Score
10/10
evasionspywaretrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://xoso.thememanga.com/wp-admin/rqr/
exe.dropper

http://nuochoakichduc.info/wp-admin/HbS7j/
exe.dropper

http://nhasachthanhduy.com/master.class/zrJd/
exe.dropper

http://saphonzee.com/wp-includes/WdGrn8/
exe.dropper

https://tripaxi.com/All/Og86/

Targets

    • Target

      Docs_4b3c7c2d6627b2a8dce9f1c50e08e144.html

    • Size

      161KB

    • MD5

      4b3c7c2d6627b2a8dce9f1c50e08e144

    • SHA1

      2329e62f3a54120036e86313f6f42c1a8a2b1513

    • SHA256

      e8ca6c66c79cca9404a9f6a6920ff02010dc799435381a97fd5c57cf0c3abb41

    • SHA512

      98bc5a5710bda76740e77f099da7bc69246ffce73fa4f251d6e66876a126793ff3db97aacee0ef24a78e7b26fc54d964c45daa5527cd704b06dce77b96e06992

    Score
    10/10
    evasionspywaretrojan

    • Process spawned unexpected child process

    • Modifies system certificate store

      evasionspywaretrojan

    • Drops file in System32 directory

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks