General

  • Target

    otsgtjda

  • Size

    140KB

  • Sample

    220419-e6r77acfdn

  • MD5

    391dca4cf91ae12aa1b5ac9d0ac3ec41

  • SHA1

    47cfcf587d838f68a8f8df53ea3afae475436992

  • SHA256

    06012c700c1dac4c122303e920fdf1c71c41e681673c241c9698e5766df275a8

  • SHA512

    de299156048c8cb81fe9a5e839442347d118b9de47b353500647a73d4b97f010dcef6d6eb3c7ee9b04874010efd0b9f3b8790f8f9013a47271528eaed1be0c41

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://evgeniys.ru/sap-logs/D6/

exe.dropper

http://crownadvertising.ca/wp-includes/OxiAACCoic/

exe.dropper

https://cars-taxonomy.mywebartist.eu/-/BPCahsAFjwF/

exe.dropper

http://immoinvest.com.br/blog_old/wp-admin/luoT/

exe.dropper

https://yoho.love/wp-content/e4laFBDXIvYT6O/

exe.dropper

https://www.168801.xyz/wp-content/6J3CV4meLxvZP/

exe.dropper

https://www.pasionportufuturo.pe/wp-content/XUBS/

Targets

    • Target

      otsgtjda

    • Size

      140KB

    • MD5

      391dca4cf91ae12aa1b5ac9d0ac3ec41

    • SHA1

      47cfcf587d838f68a8f8df53ea3afae475436992

    • SHA256

      06012c700c1dac4c122303e920fdf1c71c41e681673c241c9698e5766df275a8

    • SHA512

      de299156048c8cb81fe9a5e839442347d118b9de47b353500647a73d4b97f010dcef6d6eb3c7ee9b04874010efd0b9f3b8790f8f9013a47271528eaed1be0c41

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks