General

  • Target

    2022-1-28-acfe7d6340b879f65260e326e9363cae.bin

  • Size

    46KB

  • Sample

    220128-a3mfbadga7

  • MD5

    acfe7d6340b879f65260e326e9363cae

  • SHA1

    7ede3c78229a8b40f993a8130dea7eaa623a42ce

  • SHA256

    711cce17f03661006598a1c6888aece3145f54a9d47cdd7780644d0ea7e34608

  • SHA512

    7c9b108e4abb276f19df16f629ff847cf7bfeb6812bacb87f789260dedbac81c9e4ac414ae088511a3c063154b16ebab7f928e8b37720815f076bb94263354d3

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://91.240.118.168/vvv/ppp/fe.html

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://91.240.118.168/vvv/ppp/fe.png

Targets

    • Target

      2022-1-28-acfe7d6340b879f65260e326e9363cae.bin

    • Size

      46KB

    • MD5

      acfe7d6340b879f65260e326e9363cae

    • SHA1

      7ede3c78229a8b40f993a8130dea7eaa623a42ce

    • SHA256

      711cce17f03661006598a1c6888aece3145f54a9d47cdd7780644d0ea7e34608

    • SHA512

      7c9b108e4abb276f19df16f629ff847cf7bfeb6812bacb87f789260dedbac81c9e4ac414ae088511a3c063154b16ebab7f928e8b37720815f076bb94263354d3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Tasks