General

  • Target: 4efd10977656e5ed1cbe43d472c222ed9d3e62d3cbb10008627f99283da5bda9
  • Size: 121KB
  • Sample: 220520-1ptkkshcgm
  • MD5: bd704eac1ffc447643fdad580aae59fb
  • SHA1: a00ee4cbc868e78c0436b9e92db21b0df89020f1
  • SHA256: 4efd10977656e5ed1cbe43d472c222ed9d3e62d3cbb10008627f99283da5bda9
  • SHA512: e16d4c4e8c6031eac1cb6258d480c5400fb921bd814035145d4432f4be43bcecf0d4088e38bcd4d2ecbaffeba83a9cd4d727b5d12f47396b7e5d59a86300eb88

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
    exe.dropper  http://casaroomz.com/wp-includes/rPG/
    exe.dropper  http://necibekulac.com/wp-content/dTl4ul/
    exe.dropper  https://www.homeonetechnologies.com/blog/dcy/
    exe.dropper  http://todoparaelconfort.com/cgi-bin/wp/
    exe.dropper  http://aadarshitibhusawal.org/wp-includes/amI/
    exe.dropper  http://digiarmedia.com/wp-admin/8/
    exe.dropper  http://avcumda.com/huseyingulgec.com.tr/cO1DS8G/

Targets

  • Target: sample
  • Size: 232KB
  • MD5: 8d8598ee9e193f9e477b759c8078e681
  • SHA1: 91893c67cc6f77e21b38b30441beee6bd66966fb
  • SHA256: 7077e1861b7c38362bb30b8e762a64bf3823c4380c25e70c61be682127e850c7
  • SHA512: 2e86f70dabbe8ab82a2b15d70dd20dc402fbba2c1cb98e23e8f72e4c4c3098bd7638cbe85ba9027fb128a35dcdc5d3839f4f41a6565decd4da17bfc084f56e7c

  Score
  10/10

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  • Blocklisted process makes network request
  • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082

Tasks