Overview

overview

10

task1

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11b9f2e39035c8beb7182aaf7a4936d5df5177d906619bcee69e68cfeb000f17.doc

  • Size

    151KB

  • Sample

    200127-zlpbwk2syx

  • MD5

    6f108494a6c6f3702cab67417f3d9041

  • SHA1

    ae81f2797d0dcbcc56cd994f175c5b7a9da6e41e

  • SHA256

    11b9f2e39035c8beb7182aaf7a4936d5df5177d906619bcee69e68cfeb000f17

  • SHA512

    41cb8ead8b3c049d7d3ff415f46d0fef7c6564e988b7a23daf2c84589d2dbaeb4f188d3b850c9d495cd4de7db115b97f5919292d3d6b388507e442fa6c6c1f26

Score
10/10
evasionspywaretrojan

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://delhisexclinic.com/zds/jUzItNFoNN/
exe.dropper

https://lelangg.online/uydlcvg/xoZAiAes/
exe.dropper

https://usispf.org/wp-admin/vjWaya/
exe.dropper

https://www.sexylady.space/wp-admin/JM/
exe.dropper

https://www.metropolnet.gr/cgi-bin/eP1hbutDbo/

Targets

    • Target

      11b9f2e39035c8beb7182aaf7a4936d5df5177d906619bcee69e68cfeb000f17.doc

    • Size

      151KB

    • MD5

      6f108494a6c6f3702cab67417f3d9041

    • SHA1

      ae81f2797d0dcbcc56cd994f175c5b7a9da6e41e

    • SHA256

      11b9f2e39035c8beb7182aaf7a4936d5df5177d906619bcee69e68cfeb000f17

    • SHA512

      41cb8ead8b3c049d7d3ff415f46d0fef7c6564e988b7a23daf2c84589d2dbaeb4f188d3b850c9d495cd4de7db115b97f5919292d3d6b388507e442fa6c6c1f26

    Score
    10/10
    evasionspywaretrojan

    • Process spawned unexpected child process

    • Executes dropped EXE

    • Modifies system certificate store

      evasionspywaretrojan
    task1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks