Resubmissions

22-03-2023 22:42

230322-2mse6sdg6x 10

22-03-2023 22:36

230322-2jp6msbg94 10

General

  • Target

    Ommega Publishers.one

  • Size

    261KB

  • Sample

    230322-2mse6sdg6x

  • MD5

    8b4a7b4ee51b641124a263d9e8c114b3

  • SHA1

    a153a4a757fe531501c47e2b77bf64fe8f9173c2

  • SHA256

    d163741dd3c1e6c3cd1f167d480af853c7e09841a6ee7952929aaa20cdef2662

  • SHA512

    18c3a3f80a01d048f0624a903c901eea71066570accefed7686ab3304cf152ecad4f5543a79b262fa87586d9531c360586182e8deb48969723a13ce49a484a00

  • SSDEEP

    3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXL:FeHrBwsYXm5ZGa3vRXm5ZGa3vq

Score
10/10

Malware Config

Targets

    • Target

      Ommega Publishers.one

    • Size

      261KB

    • MD5

      8b4a7b4ee51b641124a263d9e8c114b3

    • SHA1

      a153a4a757fe531501c47e2b77bf64fe8f9173c2

    • SHA256

      d163741dd3c1e6c3cd1f167d480af853c7e09841a6ee7952929aaa20cdef2662

    • SHA512

      18c3a3f80a01d048f0624a903c901eea71066570accefed7686ab3304cf152ecad4f5543a79b262fa87586d9531c360586182e8deb48969723a13ce49a484a00

    • SSDEEP

      3072:xXzeHrBwsHzUfxJ3mY2IsGllOb3HPWaBtOzUfxJ3mY2IsGllOb3HPWaBtuXL:FeHrBwsYXm5ZGa3vRXm5ZGa3vq

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks