General

  • Target: rep 20210120.zip
  • Size: 84KB
  • Sample: 210120-ltr2qjk152
  • MD5: 07267d9ad1ba80cc76c04522a098a1b4
  • SHA1: 613fec9139a6d5a4ae3221bdab1caa344be0985b
  • SHA256: d1ca9cd6c0c7180ba5b5b2d311206df33940aafe7b2ad1c75bd32ba50a2172f5
  • SHA512: dc6a86e2fdb583811e16ced3a413dac5069f75123a411fb79fb0843fb9de8b5e3ef67b0d5dc9abf39f4a104b41945da723c1eba25b96699de9769d054b7bd3ae
  • Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
      http://zhongsijiacheng.com/wp-content/jn5/
      http://artistascitizen.com/wp-content/Bx3cr6/
      http://ombchardin.com/archive/V/
      https://apsolution.work/magneti-marelli-zkkmb/toq7Eiy/
      https://happycheftv.com/wp-admin/z6uGcbY/
      https://careercoachconnection.com/tenderometer/4K/
      https://tacademicos.com/content/JbF68i/

Targets

    • Target: rep 20210120.doc
    • Size: 159KB
    • MD5: d6bb5641cb83904a539d884ae714a6e8
    • SHA1: 173e25426b46cc14fb5abc49bfb2b33e81fa9fc3
    • SHA256: a74e6ac25d9467a56677ba91de26323ebb0f5d3da5ab8c734e5e33d7ecd275f4
    • SHA512: 901ebc7c64ad69902c8ad0037ceaee9c85755e74a78ca32e5046291f91470e848f3662125529915c8468fbbbaf75829f78bb8eedadd4778c6d6d1b530f1805e5
    • Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Enumerates physical storage devices
      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
