a3fcd479bb42a6f147eb27bd105de1d05adcaaf7f71c0ae2f432a44b4e554ce5 | Triage

Resubmissions

10-07-2020 14:55

200710-lvc7nhrjka 10

Sharing

General

Target

Password.txt.lnk
Size

2KB
Sample

200710-lvc7nhrjka
MD5

1904661a50ba45dda55fd32a286dc7b3
SHA1

d88c8c577002d4a36e7ff48844aa93e78f61191b
SHA256

a3fcd479bb42a6f147eb27bd105de1d05adcaaf7f71c0ae2f432a44b4e554ce5
SHA512

799530c6eea888523ee9f65ffea07746a3b1b68bf87c7ebea2e65bc09ad9f39de052e3dac4f8dbadcff79f16096510054360051c52724b828453ca08b28bad9f

Score

10^/10

evasion spyware trojan

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://bit.ly/3eaY1TH

Targets

- Target
  
  Password.txt.lnk
- Size
  
  2KB
- MD5
  
  1904661a50ba45dda55fd32a286dc7b3
- SHA1
  
  d88c8c577002d4a36e7ff48844aa93e78f61191b
- SHA256
  
  a3fcd479bb42a6f147eb27bd105de1d05adcaaf7f71c0ae2f432a44b4e554ce5
- SHA512
  
  799530c6eea888523ee9f65ffea07746a3b1b68bf87c7ebea2e65bc09ad9f39de052e3dac4f8dbadcff79f16096510054360051c52724b828453ca08b28bad9f
Score

10^/10

evasion spyware trojan
- Blacklisted process makes network request
- Executes dropped EXE
- Modifies system certificate store
  evasion spyware trojan
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywaretrojan