General

  • Target

    0037e6079060778b28b892eb8dcca7e28ca36f26a4f36d8dc53838d6d722b318

  • Size

    124KB

  • Sample

    220516-zrjmqabhen

  • MD5

    b6e13c6a1d437ed02509be01dd334983

  • SHA1

    a12ee91c820278590d58f0f846067992c1aa1053

  • SHA256

    0037e6079060778b28b892eb8dcca7e28ca36f26a4f36d8dc53838d6d722b318

  • SHA512

    8bfc1ffaaa45a8d7f6add5c51e7d1e8e62c95b71b7f76905e3a497f9957227991cd7eef477bc073483d375a3dadaef46d2d7e7376ed170a636fcd194b5836cba

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.novasystemsindustria.eu/cJcton

exe.dropper

http://velvet.com.br/2T6r4fYa

exe.dropper

http://www.batikentemlak.org/dEXSJO5y

exe.dropper

http://tongkhosoncongnghiep.com/DiJuOX

exe.dropper

http://www.fibraoptica.ro/8fG

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
