General

  • Target

    aidlbpeq

  • Size

    232KB

  • Sample

    220522-fyx9xaaggl

  • MD5

    cfec52b8d80989c23a30a60b68b5dd45

  • SHA1

    3247f9910c5a63def06ff2179aff615b8800a36a

  • SHA256

    8b23e164f16ba0caed21611db9782895ac3a6a1f5b30a16e7cff6a2f8e3c3008

  • SHA512

    3d2f906c817546f6501f53e381f4acb705c468f81ba684697ea9ec7e9806eb2bd48ea71c5a356cd4923d5f0d13c6b8a9ac37ef87e99b7572c58908bed1f7ce2d

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry

    T1112 (1)

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (2)

Tasks