Overview

overview

10

Static

static

8

SecuriteIn...19.doc

windows7_x64

10

SecuriteIn...19.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.VB.Trojan.Downloader.JVAZ.20129.20519

  • Size

    103KB

  • Sample

    210113-6llsj5gg42

  • MD5

    91a695ded57d874bd242f32912d65cff

  • SHA1

    caa5283145f5680703e7b610645e2c25b6ebedb6

  • SHA256

    042726b5d5ae27f0edc4d8426752dd0ea0377f14374bd307c381507615e3023d

  • SHA512

    905a293081458894d69e0d4701fda1222671833c9e76164ba5e8680cd51ebac3617ec44e2c37a2473d2d220efea3a5a41c13d6da925306db45bec76a123fa0f0

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://angel2gether.de/BlutEngel/SpeechEngines/
exe.dropper

http://holonchile.cl/cgi-bin/System32/
exe.dropper

http://members.nlbformula.com/cgi-bin/Microsoft.NET/
exe.dropper

http://akybron.hu/wordpress/Triedit/
exe.dropper

https://norailya.com/drupal/4zKMm/
exe.dropper

http://giannaspsychicstudio.com/cgi-bin/Systems/

Targets

    • Target

      SecuriteInfo.com.VB.Trojan.Downloader.JVAZ.20129.20519

    • Size

      103KB

    • MD5

      91a695ded57d874bd242f32912d65cff

    • SHA1

      caa5283145f5680703e7b610645e2c25b6ebedb6

    • SHA256

      042726b5d5ae27f0edc4d8426752dd0ea0377f14374bd307c381507615e3023d

    • SHA512

      905a293081458894d69e0d4701fda1222671833c9e76164ba5e8680cd51ebac3617ec44e2c37a2473d2d220efea3a5a41c13d6da925306db45bec76a123fa0f0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks