General

  • Target

    E1-2021-01-20_1545.zip

  • Size

    83KB

  • Sample

    210120-673fc5xcjx

  • MD5

    d8f03539e4eda59180bd91696e308372

  • SHA1

    7cc0c5ee1645998b2113424786a8480fbbf13218

  • SHA256

    209485fc97ce94573384397cf83846ddd453636ed7cb382725cd6fd961f4de40

  • SHA512

    1d5293c5afcfc2ad763d9486e9a7964daba7b30f0ddf6d5c2c5717bf26e25b404a5a5180100c25dde798291b32d66ffb4dc5f8de836188ffb5e32c3407cd0137

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

Targets

    • Target

      6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34.doc

    • Size

      157KB

    • MD5

      d70c5c808a719bbd58930c42ffe7b105

    • SHA1

      2aee11676a88e56ce67213f8ee1005ebb9835469

    • SHA256

      6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34

    • SHA512

      f14f20a6bf985db46c26cf806ae6a23c8c26175772e91fb5ef816e2ada9a8315258316b654600e6cc39aeab02c58f90dc6e4e77eaa17da4499d64786ff0a2573

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2

Tasks