General

  • Target

    80f732153350e276a2b676506c38904e02387501bbd7946340ee90858bcc5f79

  • Size

    82KB

  • Sample

    220113-zvgyascea2

  • MD5

    cddd70be02fe3a31ec6a738deb05c6c1

  • SHA1

    21ad389c6dd1ea3b3bd7b4080f06a8d2c1da5b8c

  • SHA256

    80f732153350e276a2b676506c38904e02387501bbd7946340ee90858bcc5f79

  • SHA512

    6354c04afccb34262f4a816e99ee1c59604041372f1083d63ab15685607a551ead68b8663f175d3ff487779a71edf85b71dcff4dcd5810a05be651d8e3a5bc37

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  http://insertcatherreview.xyz/wp-includes/UUlQtC51SL8IzBT/
    xlm40.dropper  http://bbc-us.com/wp-admin/48r6tiF1qTMqrAO/
    xlm40.dropper  http://vulkanvegasbonus.jeunete.com/igepuuuy/EPylXD8BuTAslj/

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  http://insertcatherreview.xyz/wp-includes/UUlQtC51SL8IzBT/
    xlm40.dropper  http://bbc-us.com/wp-admin/48r6tiF1qTMqrAO/

Targets

    • Target

      80f732153350e276a2b676506c38904e02387501bbd7946340ee90858bcc5f79

    • Size

      82KB

    • MD5

      cddd70be02fe3a31ec6a738deb05c6c1

    • SHA1

      21ad389c6dd1ea3b3bd7b4080f06a8d2c1da5b8c

    • SHA256

      80f732153350e276a2b676506c38904e02387501bbd7946340ee90858bcc5f79

    • SHA512

      6354c04afccb34262f4a816e99ee1c59604041372f1083d63ab15685607a551ead68b8663f175d3ff487779a71edf85b71dcff4dcd5810a05be651d8e3a5bc37

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks