Resubmissions

17-01-2021 18:03

210117-xmztx5s53n 10

17-01-2021 16:38

210117-9yeyx8qg52 10

13-01-2021 06:02

210113-jj5vc6stas 10

General

  • Target

    bdcd5f7db27ea098d9dbd6d561c81bbd0014a42688d4ccac2f799da3ffa17a30

  • Size

    157KB

  • Sample

    210113-jj5vc6stas

  • MD5

    a707c3fc57f474a31b67d15f4b994119

  • SHA1

    80f0a0d10d3117f599a008a318e74e931beda998

  • SHA256

    bdcd5f7db27ea098d9dbd6d561c81bbd0014a42688d4ccac2f799da3ffa17a30

  • SHA512

    1744766504c7c65432da9a6e7cbc81790b7b4839a3d8523f559692eb3062b3fda3d4405efde86ceed6f185dc7f568b506a5375fde42bd6b4cd58915f1fac6710

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://altrashift.com/wp-includes/I/

exe.dropper

https://ojodetigremezcal.com/wp/i62s/

exe.dropper

https://snowremoval-services.com/wp-content/P3Z/

exe.dropper

http://kitsunecomplements.com/too-much-phppq/n65U/

exe.dropper

https://imperioone.com/content/WOBq/

exe.dropper

http://www.autoeck-baden.at/wp-content/w0Vb/

exe.dropper

https://shop.animewho.com/content/Tj/

Targets

    • Target

      bdcd5f7db27ea098d9dbd6d561c81bbd0014a42688d4ccac2f799da3ffa17a30

    • Size

      157KB

    • MD5

      a707c3fc57f474a31b67d15f4b994119

    • SHA1

      80f0a0d10d3117f599a008a318e74e931beda998

    • SHA256

      bdcd5f7db27ea098d9dbd6d561c81bbd0014a42688d4ccac2f799da3ffa17a30

    • SHA512

      1744766504c7c65432da9a6e7cbc81790b7b4839a3d8523f559692eb3062b3fda3d4405efde86ceed6f185dc7f568b506a5375fde42bd6b4cd58915f1fac6710

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks