General

  • Target

    c7e697ca3514a77799cfa6cd5fcffd14116ca8f6d0e8dd0ab3ec834863c37ca1.doc

  • Size

    132KB

  • Sample

    200129-rg7cra3mk6

  • MD5

    5e160e709cd17b121bf663d428647afa

  • SHA1

    4dc98180583860d7f32928066b5b4ab972428105

  • SHA256

    c7e697ca3514a77799cfa6cd5fcffd14116ca8f6d0e8dd0ab3ec834863c37ca1

  • SHA512

    d702f40096cdf632b4400c6bbb64ece14eb6d8b6ef3a2d6b781437312a1c34eebcd5b2a7d52530d9c78e2cbc3a727a2ac8b8d2c05fcbb39d57c08212b4a1e92a

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://blinkro.eu/wp-content/hMDRkCt/

exe.dropper

http://blasmontavez.com/wp-includes/ep0/

exe.dropper

http://luxuryflower.net/wp-content/cgNoUgY/

exe.dropper

http://gostareh.org/old/f7tSe81/

exe.dropper

http://hindwalkerphoto.com/wp-content/v1d8mo/

Targets

    • Target

      c7e697ca3514a77799cfa6cd5fcffd14116ca8f6d0e8dd0ab3ec834863c37ca1.doc

    • Process spawned unexpected child process

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks