General

  • Target

    4989039120908288.zip

  • Size

    367KB

  • Sample

    211015-v9d3qsbbh3

  • MD5

    488e094974efb6acae512e88c98d4f5f

  • SHA1

    1cfdd0904712d7f1f4fffe53f365177270f32e05

  • SHA256

    5bdcd9abfa76950e64c08ca22b48f47208242b52aeb6313a7c1d6fb5060aa60b

  • SHA512

    2a48bf5b17f5e7c05bde1bc4fec99a50bdb6bd358ca202ebdd0d5461ecc2037bae001d789a5f9289969acb72dbb8eb72e85456f4010a6be101ac229bc238ef32

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper: http://18.195.143.183/8/8/ENP_5080010136520.exe

Targets

    • Target

      171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9

    • Size

      384KB

    • MD5

      84cab514832f4ebf26b96fdaeb24b4fc

    • SHA1

      06963848a2ba5fb76131b55926efed986bd28294

    • SHA256

      171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9

    • SHA512

      c244df05c39b9ea79f70f440b944845d12b2e2f13b3e62a47d647e1c86b8612693b9485af05bfd4ddffa53d55e87ff620731321ee27f8667c1b625e86fc47842

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks