General

  • Target: argrxaxg
  • Size: 160KB
  • Sample: 220522-fzcplaaghm
  • MD5: 2529be6d0d4a4d7bfda6968d45dcca51
  • SHA1: 41fc6f87aac038840d09086480c9175a56b86189
  • SHA256: 5c2eb5bb1ad7637e95d3f9a48a34ca84fc39ead486c71dc34bae929f7f848831
  • SHA512: 7a9fd7526ffe56b72a819a28b8d1aeedcbdbd7a5808b5aa97a486ee67c2a1ac8a3ed298270751bced1394acd69ff9df904bd6d9479393fdf8e44e67ccab5e858

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated: yes (the URLs below were recovered from the deobfuscated PowerShell)
URLs (each tagged exe.dropper: a location the script tries to download an executable from)

  exe.dropper  http://brand360.vn/bljgz/93U/
  exe.dropper  http://aramisconstruct.ro/wp-admin/uX/
  exe.dropper  https://www.alshuwail.com/cgi-bin/5/
  exe.dropper  https://www.lavenderkart.com/blogs/nZP5c/
  exe.dropper  https://www.talktalkenglish.vn/database/v/
  exe.dropper  https://www.wellnursesmartnurse.co.za/wp-admin/HFdox/
  exe.dropper  https://pox23.io/wp-content/I/

Targets

    • Target: argrxaxg (size and hashes as listed under General)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. Read together with the extracted ps1 config and its exe.dropper URLs, the behaviour is consistent with a macro or script launching a command interpreter (PowerShell, given the config language) that fetches a second-stage executable from one of the listed URLs.

    • Blocklisted process makes network request

      The interpreter the sandbox blocklists is the process that reaches out; the hosts in the extracted URL list are the expected destinations to check in proxy and DNS logs.

    • Drops file in System32 directory

      A write under System32 implies the sample ran with administrative rights in the sandbox; confirm the dropped path and hash from the task details before treating it as a persistence indicator.
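The extracted URL list and the process-tree signatures above are most useful together: the URLs become a host watchlist, and the "unexpected child" plus "blocklisted process makes network request" pair becomes a detection over process-creation and network-connection telemetry. The following Python is an added example written for this page, not code from the sandbox or from the sample; the Sysmon-style events are constructed for the example, and the sets of Office parents and blocklisted interpreters are assumptions a defender would tune to their environment.

```python
"""Turn the sandbox's exe.dropper URLs into host indicators and run a small
detection over Sysmon-style process-create (ID 1) / network-connect (ID 3) events."""
from urllib.parse import urlparse

# URLs exactly as extracted from the sample's PowerShell config (from the report above).
DROPPER_URLS = [
    "http://brand360.vn/bljgz/93U/",
    "http://aramisconstruct.ro/wp-admin/uX/",
    "https://www.alshuwail.com/cgi-bin/5/",
    "https://www.lavenderkart.com/blogs/nZP5c/",
    "https://www.talktalkenglish.vn/database/v/",
    "https://www.wellnursesmartnurse.co.za/wp-admin/HFdox/",
    "https://pox23.io/wp-content/I/",
]

# Assumption: parents that should never launch a script interpreter, and the
# interpreters a sandbox typically blocklists. Tune both sets to your estate.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BLOCKLISTED_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def indicator_hosts(urls):
    """Lower-cased hostnames (port stripped) usable as a proxy/DNS watchlist."""
    return {urlparse(u).hostname.lower() for u in urls}


def _basename(path):
    """Image basename regardless of slash direction, lower-cased for matching."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events, hosts):
    """Return findings for the two signature patterns and for their combination.

    Each event is a dict with 'event_id' and 'pid'; ID 1 events carry 'image' and
    'parent_image', ID 3 events carry 'image' and 'dest_host'. Events are assumed
    to be in time order, so a child flagged by ID 1 can be linked to its later ID 3.
    """
    findings = []
    suspicious_pids = {}  # pid -> Office parent that spawned it
    for ev in events:
        if ev["event_id"] == 1:
            child, parent = _basename(ev["image"]), _basename(ev["parent_image"])
            if parent in OFFICE_PARENTS and child in BLOCKLISTED_CHILDREN:
                suspicious_pids[ev["pid"]] = parent
                findings.append({"rule": "unexpected_child", "pid": ev["pid"],
                                 "parent": parent, "child": child})
        elif ev["event_id"] == 3:
            image, host = _basename(ev["image"]), ev["dest_host"].lower()
            if image in BLOCKLISTED_CHILDREN and host in hosts:
                # Same pid as an unexpected child -> the full dropper chain.
                rule = "dropper_chain" if ev["pid"] in suspicious_pids else "blocklisted_network"
                findings.append({"rule": rule, "pid": ev["pid"], "image": image, "host": host})
    return findings


PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD_IMAGE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

# Constructed sample telemetry for this example; not sandbox output.
SAMPLE_EVENTS = [
    {"event_id": 1, "pid": 4100, "image": WORD_IMAGE, "parent_image": r"C:\Windows\explorer.exe"},
    {"event_id": 1, "pid": 4188, "image": PS_IMAGE, "parent_image": WORD_IMAGE},
    {"event_id": 3, "pid": 4188, "image": PS_IMAGE, "dest_host": "brand360.vn"},
    {"event_id": 3, "pid": 4188, "image": PS_IMAGE, "dest_host": "www.alshuwail.com"},
    # A browser reaching a listed host is not a blocklisted process: not flagged.
    {"event_id": 3, "pid": 5000, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "www.alshuwail.com"},
]


def run():
    """Run the detection over the constructed events with the report's hosts."""
    return detect(SAMPLE_EVENTS, indicator_hosts(DROPPER_URLS))


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

The two network findings are labelled dropper_chain rather than blocklisted_network because the PowerShell pid was already flagged as an unexpected child of WINWORD.EXE; on its own, either signal is noisy in an estate where Office macros or admin scripts are common, but the chain from Office parent to interpreter to a host on the extracted list is the pattern the sandbox's three signatures describe.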

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                      Hits  ID
Defense Evasion   Modify Registry                1     T1112
Discovery         Query Registry                 2     T1012
Discovery         System Information Discovery   2     T1082

Tasks