General

  • Target

    3e396cc85747fe9e2372468d873e87f08a8f6685580563fc72be4d1670d013c7.doc

  • Size

    153KB

  • Sample

    200127-vv58xbjafs

  • MD5

    2791657967a29ae2799fd2bf5040ba7d

  • SHA1

    1de24e189a4b9d833d1f24bd2e6f3846ec5fe17d

  • SHA256

    3e396cc85747fe9e2372468d873e87f08a8f6685580563fc72be4d1670d013c7

  • SHA512

    f173a933075443bbc9394ca234563fbfc7a8009340ceb12cc1bc63a439695f9d1309641f7843c69d43a4dd5046df0e25f526966784bb52b17db9ffe50b687e2a

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://fietsenmetkinderen.info/App_Data/ASHFouI/

exe.dropper

https://rokonworld.xyz/cgi-bin/bf99ypv-nka70qs-62/

exe.dropper

http://www.meubelontwerpstudioheyne.nl/languages/ndZNarqnj/

exe.dropper

http://bursary.engsoc.queensu.ca/wp-admin/48ech-ddpjkzp-29821620/

exe.dropper

http://lapmangfpt.haiphong.vn/wp-admin/k50i2cm5qi-9wnfau-7879373385/

Targets

    Score
    10/10
    • Process spawned unexpected child process

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks