d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09 | Triage

Sharing

General

Target

readme.js
Size

10KB
Sample

210113-glj5eaddex
MD5

db49b6f1f379122685be9553c5cc0f37
SHA1

45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6
SHA256

d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09
SHA512

1eae9f302d90b3a1887b9f74927bf9bfac0519ae0f4019497177eca3ac2086ed71b4296193bcf62ba493d7fe2e4d57f42ded79ed5e8789abca206a2185ebab23

Score

10^/10

evasion

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.zz3r0.com

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.zer9g.com

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.bb3u9.com

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://t.bb3u9.com

Targets

- Target
  
  readme.js
- Size
  
  10KB
- MD5
  
  db49b6f1f379122685be9553c5cc0f37
- SHA1
  
  45788a5c0c0d97d9bed9c0e6115eca1edbad8ba6
- SHA256
  
  d8b5eaae03098bead91ff620656b9cfc569e5ac1befd0f55aee4cdb39e832b09
- SHA512
  
  1eae9f302d90b3a1887b9f74927bf9bfac0519ae0f4019497177eca3ac2086ed71b4296193bcf62ba493d7fe2e4d57f42ded79ed5e8789abca206a2185ebab23
Score

10^/10

evasion
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Command-Line Interface

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2