b1b011cb1761dbd29030575cbd26447a7fb13ebeac3c62a30cfe1274f04b2f1a | Triage

Sharing

General

Target

a85cc2088eaf316b8fcf3c7f33996b1acf93f99f820eaa9dfac83d0637adc9ce.zip
Size

167KB
Sample

191227-bnqrnb7ygj
MD5

495664a2a7c733f201fdb9286f87d991
SHA1

211dba7c54f04b704d4c4ea8d4ca584bd61fc253
SHA256

b1b011cb1761dbd29030575cbd26447a7fb13ebeac3c62a30cfe1274f04b2f1a
SHA512

23da8fb97966da8a23cba1da52f37e614155b3c4b89dbd174459269052cdb5bb028830ef29244e91f4c1c6b8ec79e7c690ab81082b455d662ef8b55abd823714

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://xsnonline.us/blogs/4x466v/

exe.dropper

http://obbydeemusic.com/aqoeivj4fd/us5htvn/

exe.dropper

http://veeplan.com/wp-content/dW0o3RoJNG/

exe.dropper

http://www.kmacobd.com/u9r/

exe.dropper

http://aijdjy.com/dup-installer/t0/

Targets

- Target
  
  VHZ_6063009267_UVJ_10122019.doc
- Size
  
  286KB
- MD5
  
  73c3127d7c4af73231d1302431a80d35
- SHA1
  
  689be14c748089277d18582ebaf192c5c218cd1a
- SHA256
  
  a85cc2088eaf316b8fcf3c7f33996b1acf93f99f820eaa9dfac83d0637adc9ce
- SHA512
  
  4638b334444dd33310fc39316eebe9e2cc8d4b592d429a15ca00f27b6f64d668eb21158db36ea4569d6b171b7bf3ce3c1c1294d5d1e2e6f20162cc30dce699ad
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
- Modifies system certificate store
  evasion spyware trojan
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

evasionspywaretrojan

task2