General

  • Target

    d85b3c0bee9a537ec923c070fde22f9e275130ab2c3e031397796cc856a44588

  • Size

    25KB

  • Sample

    210114-lkx7m5c25x

  • MD5

    c22078f129f1d702314102bc47fa5a77

  • SHA1

    b9fb91344d5276c9ca779867fecea5ac80c89f21

  • SHA256

    d85b3c0bee9a537ec923c070fde22f9e275130ab2c3e031397796cc856a44588

  • SHA512

    aad36bb3ce63f59fae9b4d66ec5a6921edba8903c684746021a44c04817635513cedf48fb34bd69c14637874313de66a7e5d623dd36011bffae1728e7398cd9e

Score
10/10

Malware Config

  Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    http://nicknewsteadconstructions.com.au/zhsvrgfcs/55555555555.jpg

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 3
