0e21db46c2676c98f4efcff98608d428d1b6cb14412e35d8f4e0dfee8602ddce | Triage

Sharing

General

Target

Orden de comparendo.rar
Size

169KB
Sample

230522-k3kltsfc64
MD5

9fc03248a1d831f28ad5b4e3186b36de
SHA1

d0c80f82cac7f4b729fc7660580fbb95bfd37d2a
SHA256

0e21db46c2676c98f4efcff98608d428d1b6cb14412e35d8f4e0dfee8602ddce
SHA512

426bb8fe5569e35b544fa0b9ec727ccc826837595fc3c69e67add2df1f648ed260f7a34bfe8cb74471de10de5736ed3d9977fa7a01d45fa64501b354ba782018
SSDEEP

3072:h3uTOrOKpy+E8aLW5DJelYJq05cavnYkbeeRY+ZjT7ndAUfa6vtI3lHpk/e:ZuKrOK0+iLWd0IDlLtjPekZSI/e

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1yzIedgOlbPjUc006zFjrkRkJWDbchF0u

Targets

- Target
  
  Orden de comparendo Nº 8377283-3 MINISTERIO DE TRANSITO PERU.exe
- Size
  
  481KB
- MD5
  
  eda3cee701fa882bd737df5e0ac4e558
- SHA1
  
  6c21aaaf9902a39e3e18236a32331593d15f96b5
- SHA256
  
  adc7909c67b4a85f430bd526a93228512bcd61340b4a06540071469ddc3b1d2c
- SHA512
  
  af61ebd8ef89900b5518fd06dc2d2c42b6ddbaa590fa11cd33f1ba67b62f07808bcec67f74285e0f49dfe4fc06ba3ab04b88bf875e5d97035d48c416db67072d
- SSDEEP
  
  6144:VaoDpZkndJsStA+tgRFsTpb9GX/F0mZNFEtQkODi3RURDVCLwvGUvpohAZ:VH1CoStpt+sTd94t0m4QZD00DVCsuQo
Score

10^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2