0c25276d58a251c42e1a4fa8f2416af88b09b248a9b99dbf039670e2a288a803 | Triage

Resubmissions

13-02-2020 14:21

200213-r1nwjgkwea 10

13-02-2020 13:19

200213-wse4n1heva 10

Sharing

General

Target

2nd-stage.vbs
Size

1KB
Sample

200213-r1nwjgkwea
MD5

1164fa998ddecff39246b197f06ca363
SHA1

6cf6a11e185b0dc2b74994f9a09856dfd8107d77
SHA256

0c25276d58a251c42e1a4fa8f2416af88b09b248a9b99dbf039670e2a288a803
SHA512

95c1c49f57e53894933ac887c4b76b978f74bb9d23e0f14598031cf364ae785537cf85119e4088202f02e5671ec60213db9b51a8a388a87fc1a810fe99825256

Score

10^/10

persistence

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://pastebin.com/raw/NRWPsuFT

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://pastebin.com/raw/W4nmEPn5

Targets

- Target
  
  2nd-stage.vbs
- Size
  
  1KB
- MD5
  
  1164fa998ddecff39246b197f06ca363
- SHA1
  
  6cf6a11e185b0dc2b74994f9a09856dfd8107d77
- SHA256
  
  0c25276d58a251c42e1a4fa8f2416af88b09b248a9b99dbf039670e2a288a803
- SHA512
  
  95c1c49f57e53894933ac887c4b76b978f74bb9d23e0f14598031cf364ae785537cf85119e4088202f02e5671ec60213db9b51a8a388a87fc1a810fe99825256
Score

10^/10

persistence
- Blacklisted process makes network request
- Adds Run entry to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1