General

  • Target

    163eae697eb7cadb346c9c9b7f430a9a1b5859e9354415969a54565149811ae8

  • Size

    129KB

  • Sample

    220724-zghyfafgdq

  • MD5

    4988f095e0986dd8876fc88a8ed9c223

  • SHA1

    ed1836eebfd4e0c870ca33c29e8d5b261300a7f0

  • SHA256

    163eae697eb7cadb346c9c9b7f430a9a1b5859e9354415969a54565149811ae8

  • SHA512

    000c084b82f8fc94cd4fb8c9fba383cfd97ab19b51ff833989cc302ad5b467fe64bca7eb5ad2c516e88060da92d1280002724d73d0bab2731c2fb92157bdaa97

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper  http://tan-shuai.com/wp-content/m6d71gnvv_5wuf035-3782344/
    exe.dropper  http://rashhgames4u.000webhostapp.com/wp-admin/f09dmz1i98_gkhufhnf3-7958618171/
    exe.dropper  http://bor-demir.com/cgi-bin/hlptlehdyU/
    exe.dropper  http://klaryus.com.br/wp-includes/Requests/Zqeztqfe/
    exe.dropper  https://theluxestudio.co.uk/wp-includes/pTxzfSBe/

Targets

    • Target

      163eae697eb7cadb346c9c9b7f430a9a1b5859e9354415969a54565149811ae8

    • Size

      129KB

    • MD5

      4988f095e0986dd8876fc88a8ed9c223

    • SHA1

      ed1836eebfd4e0c870ca33c29e8d5b261300a7f0

    • SHA256

      163eae697eb7cadb346c9c9b7f430a9a1b5859e9354415969a54565149811ae8

    • SHA512

      000c084b82f8fc94cd4fb8c9fba383cfd97ab19b51ff833989cc302ad5b467fe64bca7eb5ad2c516e88060da92d1280002724d73d0bab2731c2fb92157bdaa97

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks