General

  • Target

    a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51

  • Size

    83KB

  • Sample

    220115-b8p9tsccap

  • MD5

    0f9d8eef6e2b87a3759a45e1e127d94a

  • SHA1

    1333efaa172a9d858b686482c75d4d4b13582a9b

  • SHA256

    a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51

  • SHA512

    82e63db9145621fa07011a36f82cd603c40a8ca9dfa6408318923eec182d89acd3e552d19bbe9fcfdd4127bcb05bcef0de5ed4f1a38577d2c05b0844adc6a499

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/

xlm40.dropper

https://wordpress.baishuweb.com/wp-includes/10q0ice6/

xlm40.dropper

http://monorailegypt.com/wp-admin/6uBf9CCfZRMh/

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/

Targets

    • Target

      a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51

    • Size

      83KB

    • MD5

      0f9d8eef6e2b87a3759a45e1e127d94a

    • SHA1

      1333efaa172a9d858b686482c75d4d4b13582a9b

    • SHA256

      a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51

    • SHA512

      82e63db9145621fa07011a36f82cd603c40a8ca9dfa6408318923eec182d89acd3e552d19bbe9fcfdd4127bcb05bcef0de5ed4f1a38577d2c05b0844adc6a499

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Tasks