General

  • Target

    d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1

  • Size

    162KB

  • Sample

    220701-hz14asahf9

  • MD5

    ec469b83d15d1579617a3e9b6598c062

  • SHA1

    f648aa6fe1134cf1616e83ab953150f2e810952d

  • SHA256

    d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1

  • SHA512

    8ac5c94344d9fb0f9fc0ceed5e2937c0c7711452a4b3dc76f363df99d08b008c3cf6295d11120e585e319d7bf61f58732653f523abde39a77a9b82c140639a32

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper
    http://chistyshifaclinic.com/administrator/modules/mod_multilangstatus/language/verizon-bill-1.content.exe

    exe.dropper
    http://jaydeemory.com/administrator/components/com_privacy/controllers/verizon-bill-2.content.exe

    exe.dropper
    http://80.211.250.213:8080/es478oVMLwLrqZLe8x90y3c5
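The three exe.dropper URLs above are the actionable part of this report: two paths on what look like compromised Joomla sites (the /administrator/ tree) hosting the stage-2 payload, and one raw IP:port with a random-looking path. The script below is an added example, not code from the sandbox or its vendor: it parses those URLs into host, port and filename indicators, defangs them for sharing, and runs them over proxy log lines. The log lines are constructed for the example; domain indicators are compared on exact hostname (so a lookalike suffix does not match), and the IP indicator is pinned to its port but ignores the path, since that path is assumed to vary per callback.

```python
"""Turn the extracted dropper config into indicators and hunt for them in proxy logs.

Added example; the proxy log below is constructed, not captured traffic.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# The three exe.dropper URLs from the extracted PowerShell config (verbatim).
DROPPER_URLS = [
    "http://chistyshifaclinic.com/administrator/modules/mod_multilangstatus/language/verizon-bill-1.content.exe",
    "http://jaydeemory.com/administrator/components/com_privacy/controllers/verizon-bill-2.content.exe",
    "http://80.211.250.213:8080/es478oVMLwLrqZLe8x90y3c5",
]


def parse_indicator(url):
    """Split a dropper URL into the fields a blocklist or SIEM rule needs."""
    parts = urlsplit(url)
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {
        "url": url,
        "host": host,
        "kind": kind,
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path": parts.path,
        "filename": parts.path.rsplit("/", 1)[-1],
    }


def defang(url):
    """Make an indicator safe to paste into tickets or chat (hxxp://, [.])."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


INDICATORS = [parse_indicator(u) for u in DROPPER_URLS]

# Constructed proxy log: "<timestamp> <client> <method> <url> <status> <content-type>".
PROXY_LOG = """\
2022-07-01T08:12:03Z 10.0.0.15 GET http://www.example.org/ 200 text/html
2022-07-01T08:12:41Z 10.0.0.15 GET http://jaydeemory.com/administrator/components/com_privacy/controllers/verizon-bill-2.content.exe 200 application/octet-stream
2022-07-01T08:12:59Z 10.0.0.15 POST http://80.211.250.213:8080/Zq1mP3vBnX2/ 200 text/html
2022-07-01T08:13:10Z 10.0.0.22 GET http://chistyshifaclinic.com.evil.test/ 200 text/html
2022-07-01T08:14:02Z 10.0.0.22 GET https://update.example.net/patch.exe 200 application/octet-stream
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})")


def match_log(log_text, indicators):
    """Return one hit per log line whose request host matches an indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        req = urlsplit(m.group("url"))
        req_host = req.hostname
        req_port = req.port or (443 if req.scheme == "https" else 80)
        for ind in indicators:
            if req_host != ind["host"]:
                continue  # exact host compare: "chistyshifaclinic.com.evil.test" is not a hit
            if ind["kind"] == "ip" and req_port != ind["port"]:
                continue  # IP indicator is pinned to its port; path is assumed random
            hits.append({
                "line": lineno,
                "client": m.group("client"),
                "indicator": defang(ind["url"]),
                "request": defang(m.group("url")),
            })
            break
    return hits


if __name__ == "__main__":
    for ind in INDICATORS:
        print(f"{ind['kind']:6} {ind['host']}:{ind['port']}  {ind['filename'] or '(no filename)'}")
    for hit in match_log(PROXY_LOG, INDICATORS):
        print(f"line {hit['line']}: {hit['client']} -> {hit['request']}  (matches {hit['indicator']})")
```

Against the constructed log this flags line 2 (the stage-2 download from jaydeemory.com) and line 3 (a POST to 80.211.250.213:8080 with a different path than the one in the config), and correctly ignores the lookalike host on line 4. For the two compromised-site indicators, blocking on hostname is the usual first response even though the sites themselves are likely legitimate; the specific paths and filenames (verizon-bill-1.content.exe, verizon-bill-2.content.exe) are the tighter match if the hosts are cleaned later.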

Targets

    • Target

      d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1

    • Size

      162KB

    • MD5

      ec469b83d15d1579617a3e9b6598c062

    • SHA1

      f648aa6fe1134cf1616e83ab953150f2e810952d

    • SHA256

      d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1

    • SHA512

      8ac5c94344d9fb0f9fc0ceed5e2937c0c7711452a4b3dc76f363df99d08b008c3cf6295d11120e585e319d7bf61f58732653f523abde39a77a9b82c140639a32

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6