General

  • Target: E1-20210120_1545
  • Size: 157KB
  • Sample: 210120-sstphl7q5n
  • MD5: d70c5c808a719bbd58930c42ffe7b105
  • SHA1: 2aee11676a88e56ce67213f8ee1005ebb9835469
  • SHA256: 6f2b4dc371f7e78131448b5d4d9ab02944ee666aa75a817d14fc8a59a0962a34
  • SHA512: f14f20a6bf985db46c26cf806ae6a23c8c26175772e91fb5ef816e2ada9a8315258316b654600e6cc39aeab02c58f90dc6e4e77eaa17da4499d64786ff0a2573

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        System Information Discovery   3      T1082
  Discovery        Query Registry                 2      T1012
