c9468fd1cfa64cb4d100767c6f225e21f15004eb9bca592df16783ac11fb4cef | Triage

Sharing

General

Target

c9468fd1cfa64cb4d100767c6f225e21f15004eb9bca592df16783ac11fb4cef.doc
Size

151KB
Sample

200127-ebss563x9a
MD5

684c6792e26957c166895d395ba4c0b5
SHA1

a0ee5e3cab2c2bc1dc4db1a514339fed3f5b2ef8
SHA256

c9468fd1cfa64cb4d100767c6f225e21f15004eb9bca592df16783ac11fb4cef
SHA512

60e166852dfda28cb4f9dd7eb1cdec46a871ef79e276cf61313fd2a55dfaec06afe5eca1ea8b63c4305c34a60e3bb3eeaf07700a94847cc00b9abf7db3e33993

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://delhisexclinic.com/zds/jUzItNFoNN/

exe.dropper

https://lelangg.online/uydlcvg/xoZAiAes/

exe.dropper

https://usispf.org/wp-admin/vjWaya/

exe.dropper

https://www.sexylady.space/wp-admin/JM/

exe.dropper

https://www.metropolnet.gr/cgi-bin/eP1hbutDbo/

Targets

- Target
  
  c9468fd1cfa64cb4d100767c6f225e21f15004eb9bca592df16783ac11fb4cef.doc
- Size
  
  151KB
- MD5
  
  684c6792e26957c166895d395ba4c0b5
- SHA1
  
  a0ee5e3cab2c2bc1dc4db1a514339fed3f5b2ef8
- SHA256
  
  c9468fd1cfa64cb4d100767c6f225e21f15004eb9bca592df16783ac11fb4cef
- SHA512
  
  60e166852dfda28cb4f9dd7eb1cdec46a871ef79e276cf61313fd2a55dfaec06afe5eca1ea8b63c4305c34a60e3bb3eeaf07700a94847cc00b9abf7db3e33993
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
- Executes dropped EXE
- Modifies system certificate store
  evasion spyware trojan
task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

evasionspywaretrojan