General

  • Target

    841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024

  • Size

    157KB

  • Sample

    210113-xgvr1chlmn

  • MD5

    52cb4262f0f965aae77e3b2c423cf528

  • SHA1

    545ad01ec85501984a5e6ad74bd632ca7b252571

  • SHA256

    841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024

  • SHA512

    e14e1051f90b6daa5adc7902ead05d364c7271c69a96d38bdb5b999b3f15fdf9d735ef87245bfd9382cd16bae5280c7646491eb7c75c293cd6246781ea6c3e04

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://altrashift.com/wp-includes/I/

exe.dropper

https://ojodetigremezcal.com/wp/i62s/

exe.dropper

https://snowremoval-services.com/wp-content/P3Z/

exe.dropper

http://kitsunecomplements.com/too-much-phppq/n65U/

exe.dropper

https://imperioone.com/content/WOBq/

exe.dropper

http://www.autoeck-baden.at/wp-content/w0Vb/

exe.dropper

https://shop.animewho.com/content/Tj/

Targets

    • Target

      841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024

    • Size

      157KB

    • MD5

      52cb4262f0f965aae77e3b2c423cf528

    • SHA1

      545ad01ec85501984a5e6ad74bd632ca7b252571

    • SHA256

      841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024

    • SHA512

      e14e1051f90b6daa5adc7902ead05d364c7271c69a96d38bdb5b999b3f15fdf9d735ef87245bfd9382cd16bae5280c7646491eb7c75c293cd6246781ea6c3e04

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks