General

  • Target

    017787caaa93c6f2e375aaf39734b19acd097e04e64142df1c07b226ed9271d2

  • Size

    164KB

  • Sample

    201020-w1d9js7mra

  • MD5

    ce9549ddd29b944b092bcb2631b5cecc

  • SHA1

    79053ad61a4348daaae0dc567f0f9b0adf6a35a6

  • SHA256

    017787caaa93c6f2e375aaf39734b19acd097e04e64142df1c07b226ed9271d2

  • SHA512

    6e9dc425299965b4d6ded3cacd0e612511250f61cc667449fc126d8caf83b1425a641f446c3f080bd488e0d230f0bad132da0e277a158c45dfffcfcb572f076d

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs

  • exe.dropper: http://wodsuit.com/ram-aisin/7r9/
  • exe.dropper: http://hoobiq.com/cgi-bin/Xyv/
  • exe.dropper: http://bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/
  • exe.dropper: https://vat201.com/calculator/itQ/
  • exe.dropper: http://vikinggg.com/hydrolysis-of/bY/
  • exe.dropper: https://mohamedsayed.com/wp-admin/Zt/
  • exe.dropper: https://hostimpel.com/js/q/

Targets

    • Target

      017787caaa93c6f2e375aaf39734b19acd097e04e64142df1c07b226ed9271d2

    • Size

      164KB

    • MD5

      ce9549ddd29b944b092bcb2631b5cecc

    • SHA1

      79053ad61a4348daaae0dc567f0f9b0adf6a35a6

    • SHA256

      017787caaa93c6f2e375aaf39734b19acd097e04e64142df1c07b226ed9271d2

    • SHA512

      6e9dc425299965b4d6ded3cacd0e612511250f61cc667449fc126d8caf83b1425a641f446c3f080bd488e0d230f0bad132da0e277a158c45dfffcfcb572f076d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Drops file in System32 directory
