24e1dfddcd17b438aa5fc6640560fe4ba881a4eea34b79aa8c46521449c92aad | Triage

Sharing

General

Target

ghztD_enc.vbe
Size

1KB
Sample

200217-7k6bl8357j
MD5

c99bc6705cbbba2ff17da1f7a16f12f7
SHA1

9000723b516e0933d9c320b223138dc033d808f1
SHA256

24e1dfddcd17b438aa5fc6640560fe4ba881a4eea34b79aa8c46521449c92aad
SHA512

676248513d447c33b9966ec57abf7e3b845de0b41ed6e4f7d2208e6477cd3f2da46555b7a601d31c2c8013d79e9ba6fd247405e9c7352301b4e7378c9697e787

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://107.189.7.176/crypter/ClassLibrary6.dll

Targets

- Target
  
  ghztD_enc.vbe
- Size
  
  1KB
- MD5
  
  c99bc6705cbbba2ff17da1f7a16f12f7
- SHA1
  
  9000723b516e0933d9c320b223138dc033d808f1
- SHA256
  
  24e1dfddcd17b438aa5fc6640560fe4ba881a4eea34b79aa8c46521449c92aad
- SHA512
  
  676248513d447c33b9966ec57abf7e3b845de0b41ed6e4f7d2208e6477cd3f2da46555b7a601d31c2c8013d79e9ba6fd247405e9c7352301b4e7378c9697e787
Score

10^/10

evasion spyware trojan
- Blacklisted process makes network request
- Program crash
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojan

behavioral2