General

  • Target

    30-August-7847556291.zip

  • Size

    285KB

  • Sample

    220830-phhnysabg5

  • MD5

    5a4e8986c40e0523576d31e2883da01b

  • SHA1

    cf673783af9436c32135468354561d2b16c8cf46

  • SHA256

    e0041d57aba9c247c7141f5e82ab47a1bc28251219c433aaf51c087c4a0bc49b

  • SHA512

    a738ea354c46ecd5213b1de0b1919c23ff634081394553484d2e7db4abcca9717afb8df4d2b459911e7430a2e927b889e21bd41fe452ea6765a52f1985442c57

  • SSDEEP

    6144:hIE5bJWdGN5V70BGQ1lcOmISEsjSGRRZTtdxuYOur6s7NyzC1b4:hXbJWdGviBp4OkR/TtjuvC6sms4

Score
10/10
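
The report above hashes the archive and each file inside it. The following is an added example, not part of the sandbox report, of how an analyst would check a ZIP lure against those indicators: enumerate the members, hash each one (MD5/SHA-1/SHA-256 from the standard library; SSDEEP is omitted because it needs a third-party module), compare against the SHA-256 values the report lists for the archive contents, and flag script-type members whose name follows the GootLoader search-query pattern (e.g. "What_is_an_ongoing_contract (dsdg).js"). The indicator set is copied from the report; the test archive built by build_sample_zip() is constructed and its contents are not the real sample, and the LURE_NAME heuristic is an assumption, not the sandbox's signature.

```python
"""Added example: triage a ZIP lure against the report's hash indicators."""
import hashlib
import io
import re
import zipfile

# SHA-256 values copied from the report's "Targets" section.
REPORT_SHA256 = {
    "1ed45858120dda1e5e393fe1eb87757de9cfa421853b27cd1e247c198fc8a3e3",
    "83325876770ab739b9e6dbb17f3f45bee255d5fa1b26b89e7729640814feee02",
    "dd81dd22d8b1357f6b967a4faa488dcacdd646321f1fca40b7db7670596923ed",
}

# Heuristic (assumption, not a sandbox signature): GootLoader lures are a .js
# whose name reads like a search query with a short bracketed suffix, e.g.
# "What_is_an_ongoing_contract (dsdg).js".
LURE_NAME = re.compile(
    r"^[A-Za-z]+(_[A-Za-z]+){2,}.*\s\([a-z0-9]+\)\.js$", re.IGNORECASE
)

SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs")


def digest_member(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of one member, as hex, matching the report's fields."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_zip(zip_bytes: bytes) -> list:
    """Return one finding per file member: hashes, IOC hit, script/lure flags."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            digests = digest_member(data)
            name = info.filename
            findings.append({
                "name": name,
                "size": len(data),
                **digests,
                "known_ioc": digests["sha256"] in REPORT_SHA256,
                "script": name.lower().endswith(SCRIPT_EXTENSIONS),
                "lure_name": bool(LURE_NAME.match(name)),
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive; the member contents are NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("What_is_an_ongoing_contract (dsdg).js", "abc")
        zf.writestr("readme.txt", "")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A member whose SHA-256 is in REPORT_SHA256 is a confirmed match; a member that is a script with a lure-style name but an unknown hash is the case to escalate, since GootLoader's JavaScript is re-obfuscated per download and the hash alone will rarely match.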

Malware Config

Targets

    • Target

      1ed45858120dda1e5e393fe1eb87757de9cfa421853b27cd1e247c198fc8a3e3

    • Size

      354KB

    • MD5

      9f7d27433f4e9d289635c55083ee0bb0

    • SHA1

      1b96be82b697e835b903c6c22799c8e4e55e285c

    • SHA256

      1ed45858120dda1e5e393fe1eb87757de9cfa421853b27cd1e247c198fc8a3e3

    • SHA512

      204b5f3d176624eddf3e8991fe3718fc8b47a7b73b42c25a38077128776a0f9cc358e0cd209cde2b5f4d669a6d951b66f8cf3e546e09a9997d8d87b9fea96ecc

    • SSDEEP

      6144:iCzqBL1BLe115u5N5p5lHBoiKTY/vRHSuhP345hiq5b9ldkcLX+oVbJfFqtbtZnG:iCOLe115u5N5p5lHOiKTY/vRHSuhP345

    Score
    1/10
    • Target

      83325876770ab739b9e6dbb17f3f45bee255d5fa1b26b89e7729640814feee02

    • Size

      483KB

    • MD5

      2c2695e059726e0139c3ae608dc3fce2

    • SHA1

      a916b448407de17a595b3f967d3c4537352fd30b

    • SHA256

      83325876770ab739b9e6dbb17f3f45bee255d5fa1b26b89e7729640814feee02

    • SHA512

      858a65d029cf6a6a6547fe6b544173af9fde4d1697b377fe6886685f44a10fcdfa05f9617db88662d3ab9b4623a5324ae56bd2ee57e744c572d1b99158055296

    • SSDEEP

      6144:vQF8qxKulaxl40hEfD3TA7Yiagmd4iLAmWR66tF:wyhEfD3Tliagmd4iLAmWR66

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request

    • Target

      What_is_an_ongoing_contract (dsdg).js

    • Size

      483KB

    • MD5

      1fa7d7d708dd5c005535f4a41e03dc9a

    • SHA1

      a42bfb5c02e4c55cecfea62adf8dfcf4d766316f

    • SHA256

      dd81dd22d8b1357f6b967a4faa488dcacdd646321f1fca40b7db7670596923ed

    • SHA512

      895593df3d04e6ccec793465728d49568c155749811dcef8821403e60c3dfd5f3fd9e17c19ab01ac3154fee8be600de81bae7ec87fec3443577206a89407940a

    • SSDEEP

      6144:LTQBlSuulaxl4khEfD3xA73iagmd4iLAmWS6GSF:LPChEfD3x2iagmd4iLAmWS6j

    Score
    10/10
    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobalt Strike.

    • Blocklisted process makes network request
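
The "Blocklisted process makes network request" signature above is the behaviour a defender most wants to catch on the endpoint. The following is an added example, not part of the sandbox report, of that detection as it would be run over Sysmon-style network-connection events (Event ID 3). The report does not name the process; the script-host list (wscript.exe, cscript.exe) is an assumption based on GootLoader being a JavaScript loader, and the log lines in SAMPLE_LOG are constructed, not captured from this run. Connections to internal ranges are suppressed so that script hosts used by legitimate logon scripts on the LAN do not page anyone.

```python
"""Added example: flag Windows script hosts making outbound network connections."""
import ipaddress
import json
from pathlib import PureWindowsPath

# Assumption: the report's signature does not name the process; these are the
# hosts a .js lure normally runs under.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Internal ranges to suppress (RFC 1918, loopback, link-local). Checked
# explicitly rather than via ip_address().is_private, which also treats
# documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed Sysmon-style events, one JSON object per line (not from the run).
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\wscript.exe",
     "CommandLine": 'wscript.exe "What_is_an_ongoing_contract (dsdg).js"'},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\wscript.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\wscript.exe",
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    {"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
])


def is_internal(ip: str) -> bool:
    """True if ip falls in one of INTERNAL_NETS; unparsable strings are not internal."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def script_host_network_alerts(log_text: str) -> list:
    """Return an alert per Event ID 3 where a script host reaches a non-internal address."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("EventID") != 3:
            continue  # process creation etc. is context, not the trigger
        image = PureWindowsPath(event.get("Image", "")).name.lower()
        if image not in SCRIPT_HOSTS:
            continue
        dst = str(event.get("DestinationIp", ""))
        if is_internal(dst):
            continue  # logon scripts talking to file servers are expected
        alerts.append({
            "image": image,
            "dest": f"{dst}:{event.get('DestinationPort')}",
        })
    return alerts


if __name__ == "__main__":
    for alert in script_host_network_alerts(SAMPLE_LOG):
        print(alert)
```

Only the wscript.exe connection to the external address fires; the same host reaching 10.0.0.5 and the browser reaching the external address do not. In production the Event ID 1 record would be joined on ProcessGuid to pull the .js path from the command line into the alert.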

MITRE ATT&CK Matrix

Tasks