General

  • Target

    94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618

  • Size

    155KB

  • Sample

    220731-kcm92ahbhk

  • MD5

    3d0805bb03b8caac44c23db4ed76b5b6

  • SHA1

    e35a8776ad6e02f2920cac3b55f62a9cf5f516c2

  • SHA256

    94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618

  • SHA512

    e6d86520cfcaa999a3c9dde12f11721354fcb35a26f00a4b702db2671aa52479dcf51a05558a5ae17c9cb224c466a103d114a14e28e50f3d929df7844097902f

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://www.bilgiegitimonline.com/wp-admin/mXWp/
    https://www.yanjiaozhan.com/wp-includes/ug7/
    http://barabooseniorhigh.com/En/JHS/
    http://www.majoristanbul.com/cgi-bin/1OF/
    http://bloodybits.com/edwinjefferson.com/jx7/

Targets

    • Target

      94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks