48004a431e2f576ec828d954b2c8338ffd01bf0cc7cbfc16cf387dc3906cdb46 | Triage

Sharing

General

Target

Wordpress All in One Bruteforce [10 macros] v2.15 + Shell Uploader-v1.19.rar
Size

7.7MB
Sample

240708-h75fpa1alg
MD5

19118cd8ef68e3b54789db547ac6f385
SHA1

e5f9eeac96d5dc4fbda378da440e19b6c5d329ae
SHA256

48004a431e2f576ec828d954b2c8338ffd01bf0cc7cbfc16cf387dc3906cdb46
SHA512

0be5bc528343fff895fb54667897c1742538dbc0235d362f7af9545f77d8be407a8ebcdc68a1a8c3615e59fd4cac7f44ddfd26cfb9aae327d966ee993e61857c
SSDEEP

196608:CMTdKjnlqgXGs6EtomNH5FKu99oiKScsw7IMjK2jhGMtBgpf9J+TMM4Cc9:Clv2s68BoiKsw7FNGMtmj+TTc9

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Wordpress All in One Bruteforce [10 macros] v2.15 + Shell Uploader-v1.19.exe
- Size
  
  9.0MB
- MD5
  
  4abb9e3b64af8861782a9c19dcdb2bee
- SHA1
  
  d541a2c251efae73a88b08c260c0dff98cfbc75a
- SHA256
  
  39116e9b6746e5a34bdf84444ead68cc578c15ffd44e0abb6c83f507312b2397
- SHA512
  
  ccd8e0880a91c7b8f6fa9be03bf8d5167f389b5bff13521b0b5afd7fdd64bdf9d4c5c88c3cab2a01738f786218f5ac24676b354f8156a939fb5ae7220bad82d0
- SSDEEP
  
  196608:9DPRS/DV/I1jpjN8o6boJacnW4DUJWNSyRf/ZeoMlWG8Wiq:N54DVA1jv8o6botnW4DrrZ9c5
Score

7^/10

persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2