b492a779314f8e5acadc326421167bd4ac3ed160d9ad85ce5bd02d71434caa00 | Triage

Sharing

General

Target

Malware Samples.zip
Size

5.0MB
Sample

191228-5qe32w9ee6
MD5

7b680fdd7ef26a6db365f28a74625d72
SHA1

c0a256e4f07a22b1db497545680afab7e0f5ebc8
SHA256

b492a779314f8e5acadc326421167bd4ac3ed160d9ad85ce5bd02d71434caa00
SHA512

6cb1e8d0b96cdff86c4b1bd1a984f78b94ebe036b8a610bec478850d7084a1cfbcf2dba5f47aa56dd4e65afd535fbc3c81780bcdd30bbc51f8ca2d6c0d2ee1de

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://sandiegohomevalues.com/engl/4de-kzsyhu-768611/

exe.dropper

https://www.wenkawang.com/data/bofze0s-7ji4-15/

exe.dropper

https://www.bruidsfotograaf-utrecht.com/wp-includes/QLvFLy/

exe.dropper

http://ma.jopedu.com/img/8z8dl-3xn-655019278/

exe.dropper

http://pay.jopedu.com/ThinkPHP/l9okcguh6-b9nnrh7-96245524/

Targets

- Target
  
  12e90e4b70e21ee2e80f2563f43e72ab.danger
- Size
  
  125KB
- MD5
  
  12e90e4b70e21ee2e80f2563f43e72ab
- SHA1
  
  85d7d298d8543f3dfc91d22225d1e9dad7fb10d4
- SHA256
  
  e8d3e9d5d4c9257a079e4140d2a7806854440a260a933a0f46c2d3a1979ecc9b
- SHA512
  
  9e7acc9a0030f98388866b1b36bfabffd253701624c85730e201cfe5f957b1807f2fa6cee4a6f131449cec428932b692615d0773b4cf0c472530e3701deb2800
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
- Modifies system certificate store
  evasion spyware trojan
- Drops file in System32 directory
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

evasionspywaretrojan

task2