General

  • Target

    683573224327e8cecc5d38f690c4598f52ece7bd878b05e7f279111680604d5b

  • Size

    227KB

  • Sample

    201029-s4fgnbfnsa

  • MD5

    9302cda391554ab9cd2a2012057bbd93

  • SHA1

    73a9ace74211841912ee09399de898b221e47bf3

  • SHA256

    683573224327e8cecc5d38f690c4598f52ece7bd878b05e7f279111680604d5b

  • SHA512

    3496a3261ddccd2ebc8c6b4c4451a9adcac348d38112a1fda76ec1c6886ecc0ab92eefbb8db78be5a03463de4b596182adeeaa21e62a0f82348df5e90df8057a

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/

exe.dropper

https://homewatchamelia.com/wp-admin/qmK/

exe.dropper

https://seramporemunicipality.org/replacement-vin/Ql4R/

exe.dropper

https://imperfectdream.com/wp-content/xb2csjPW6/

exe.dropper

https://mayxaycafe.net/wp-includes/UxdWFzYQj/

exe.dropper

https://420extracts.ca/cgi-bin/Ecv/

exe.dropper

https://casinopalacett.com/wp-admin/voZDArg/

Targets

    • Target

      683573224327e8cecc5d38f690c4598f52ece7bd878b05e7f279111680604d5b

    • Size

      227KB

    • MD5

      9302cda391554ab9cd2a2012057bbd93

    • SHA1

      73a9ace74211841912ee09399de898b221e47bf3

    • SHA256

      683573224327e8cecc5d38f690c4598f52ece7bd878b05e7f279111680604d5b

    • SHA512

      3496a3261ddccd2ebc8c6b4c4451a9adcac348d38112a1fda76ec1c6886ecc0ab92eefbb8db78be5a03463de4b596182adeeaa21e62a0f82348df5e90df8057a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks