General

  • Target

    dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822

  • Size

    159KB

  • Sample

    220520-1eh14adgf9

  • MD5

    7ddc710efec2afde585c14b7aab0390d

  • SHA1

    ffff91695e0ab3289078686b0f805ecec5fb8d4b

  • SHA256

    dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822

  • SHA512

    05a8c4a6e8481bba138de73b6c600ace4eb67b69c20628f07e1cac66143dcdf889357ff313db79cb4d7cb7cd2bcc9c33182a317c0bc1bf062408a02dbef582dd

Score
10/10

Malware Config

  • Extracted

    Language: ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://www.madonnaball.com/wp-content/Xbc/
    http://www.drivingwitharrow.com/wp-content/plugins/w8KF86/
    http://totemrussia.com/6uq9udk/pt9G/
    http://kaziriad.com/wp-admin/8Y98/
    http://movetracker.com/wp-content/MYsw/

Targets

    • Target

      dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822

    • Size

      159KB

    • MD5

      7ddc710efec2afde585c14b7aab0390d

    • SHA1

      ffff91695e0ab3289078686b0f805ecec5fb8d4b

    • SHA256

      dcf91d19c8b8e4703da7aa7e84e4905c4d3284fbe78bc56297f2429472c93822

    • SHA512

      05a8c4a6e8481bba138de73b6c600ace4eb67b69c20628f07e1cac66143dcdf889357ff313db79cb4d7cb7cd2bcc9c33182a317c0bc1bf062408a02dbef582dd

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks