General

  • Target

    cb51a496b2dbb4455c42ad326ed97799fa15c4cf7903a86858b31a47a899d504

  • Size

    88KB

  • Sample

    220731-jzh36agfap

  • MD5

    04e7a34036d75f10440174ad4aa791e7

  • SHA1

    ea3f0451caf876d473d9c89888770609b74abd03

  • SHA256

    cb51a496b2dbb4455c42ad326ed97799fa15c4cf7903a86858b31a47a899d504

  • SHA512

    2f1c0f2555dc7281700a5a4c5a6bcefc9d810920f902525732797e05c4f7ee0776d450b1749dcc72e83d0a27641cba72a8e9c0ea567f5319f4a7918315a94fdc

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://gtvtuning.com//M6X7JF0
    http://kodi.org.pl//Fv7Cz
    http://kernkwadrant.nl/r9ktom
    http://flaviofortes.com.br/gAelg4
    http://guinathon.ysu.edu/MJns

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
