Overview

overview

10

Static

static

URLScan

urlscan

http://r.news.anicia...

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://r.news.anicia.it/tr/cl/9m2sScoQCVor9DW6UIklodqgMetGY1Ei0vdnhjty-OV8X_t4ub0DlMGoO2hr9133cpQNXp-bSKW1oCsVqRjRbKpbTM42-CG2iQlBos3uDRwyECkKjYO7ukSGRaA_9ujIi80A7e2LFbNk5zNHhjrVKCCWbqKdKBJpn6n09dD39i5tdrmbTh7Y2uPefXxgtDMreAk5_Rwm-CbX0KFXsy90_OBykO_gMIsFvBjOlyIkqxpH2RF6T2RfRhpm-D1s815WH62xGr7uIw

  • Sample

    210118-pyt99z93je

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://ixd1196.firebird.sheridanc.on.ca/cookies/custom.php

Targets

    • Target

      http://r.news.anicia.it/tr/cl/9m2sScoQCVor9DW6UIklodqgMetGY1Ei0vdnhjty-OV8X_t4ub0DlMGoO2hr9133cpQNXp-bSKW1oCsVqRjRbKpbTM42-CG2iQlBos3uDRwyECkKjYO7ukSGRaA_9ujIi80A7e2LFbNk5zNHhjrVKCCWbqKdKBJpn6n09dD39i5tdrmbTh7Y2uPefXxgtDMreAk5_Rwm-CbX0KFXsy90_OBykO_gMIsFvBjOlyIkqxpH2RF6T2RfRhpm-D1s815WH62xGr7uIw

    Score
    10/10

    • Blocklisted process makes network request

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks