General

  • Target

    86d3bab0813b39f2fddfb6b8ee2c7bde585a5c13d972ad3d75d71f4d64d7bb5e

  • Size

    98KB

  • Sample

    220520-1e4ykahadl

  • MD5

    d3a1e493a5afaef545ecd675b19fe0f7

  • SHA1

    8187e732236ff785e6885fb43698d71e13845489

  • SHA256

    86d3bab0813b39f2fddfb6b8ee2c7bde585a5c13d972ad3d75d71f4d64d7bb5e

  • SHA512

    970bc4ee39090dbe920fc4cbd1de4c22d391aff6b40353907ad883caf2f268b883d84077c3e411915827355a3f3f96fd742d8dbccff0fc1003564e0443e6ada4

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated

  • URLs

    exe.dropper: http://focalaudiodesign.com/wp-content/3j_g08k2_6s/

    exe.dropper: http://www.microcommindia.com/css/9wu_sjp_rvn/

    exe.dropper: http://mikeflavell.com/cgi-bin/akmt_4ns_bau/

    exe.dropper: http://mosdk.com/img/bg/css/ymiu_ow_uiatk/

    exe.dropper: https://overcreative.com/css/fgn_al1_gav0/

Targets

    • Target

      sample

    • Size

      171KB

    • MD5

      85e8cf7f6540a5ec489dda61d68b4e47

    • SHA1

      576caaf8dab0632331c58026deff9add882e9244

    • SHA256

      330c445638c69688590588cb2f7c932ef4c5da718b98ea8f341befdcf64218b2

    • SHA512

      0c7c6b94b647800be7588dfc8f7c9a21b54b31728cf51bbbf73076531faeaf4425535d173df0b2cf9ac40824cbed168be0f23cfce0a5629cce21932b64f331a8

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks