General

  • Target: cjoohcvf

  • Size: 231KB

  • Sample: 220522-f1rvxaffa5

  • MD5: cce340ce6ad8a105036d929ac967edd4

  • SHA1: 19180a3aad79986006c09d18c9fed1f4c6157003

  • SHA256: 62cc3eedb06b43f8a3e286b0a9f04cbf36fe240a532b217d91950ea20fa0ba9c

  • SHA512: 065614fa2e9e1fef4e0f4ff823a2e9b4935d2c3c2479da1f3dfe086866e27bf29c990557c9eddf839f0de55ed9e7734414358b9d88b3301f482514a1e0b05f6b

Score: 10/10

Malware Config

Extracted

  • Language: ps1

  • Source: URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      ID      Count
  Defense Evasion    Modify Registry                T1112   1
  Discovery          Query Registry                 T1012   2
  Discovery          System Information Discovery   T1082   2

Tasks