a7ec27918dc9a1067836c1f033edd079851ae4f730710bc81033ec5602c615ce | Triage

Sharing

General

Target

a7ec27918dc9a1067836c1f033edd079851ae4f730710bc81033ec5602c615ce.doc
Size

151KB
Sample

200127-s6pm9lbhhj
MD5

93cb964fb22cf8f88e35293b75c6919a
SHA1

66eecd0343577c2e826b426a1569dee31bab1799
SHA256

a7ec27918dc9a1067836c1f033edd079851ae4f730710bc81033ec5602c615ce
SHA512

05982639cab130512d1b7d95c2735bd63e0641ce0f205721eda120920e6ea7fe971457b5db056650af3e01ad5f8d56b5b072e8458798c307ec46fb61ed9783da

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://delhisexclinic.com/zds/jUzItNFoNN/

exe.dropper

https://lelangg.online/uydlcvg/xoZAiAes/

exe.dropper

https://usispf.org/wp-admin/vjWaya/

exe.dropper

https://www.sexylady.space/wp-admin/JM/

exe.dropper

https://www.metropolnet.gr/cgi-bin/eP1hbutDbo/

Targets

- Target
  
  a7ec27918dc9a1067836c1f033edd079851ae4f730710bc81033ec5602c615ce.doc
- Size
  
  151KB
- MD5
  
  93cb964fb22cf8f88e35293b75c6919a
- SHA1
  
  66eecd0343577c2e826b426a1569dee31bab1799
- SHA256
  
  a7ec27918dc9a1067836c1f033edd079851ae4f730710bc81033ec5602c615ce
- SHA512
  
  05982639cab130512d1b7d95c2735bd63e0641ce0f205721eda120920e6ea7fe971457b5db056650af3e01ad5f8d56b5b072e8458798c307ec46fb61ed9783da
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
- Modifies system certificate store
  evasion spyware trojan
task1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

evasionspywaretrojan