General

  • Target

    2ae4d463cd4df974d95288744d1bbf686b42db45896e6c0ad4917f7aab42f32d

  • Size

    126KB

  • Sample

    240710-zzznxasemh

  • MD5

    d89dfeaadf6cdf2b7ea3435644180b3a

  • SHA1

    bc9767d6217daba21cfdf8ed7e8dba01742bf196

  • SHA256

    2ae4d463cd4df974d95288744d1bbf686b42db45896e6c0ad4917f7aab42f32d

  • SHA512

    928a0d467b79ba834f031e2a220c75e56017f7df7dba57be4a9ce274881f422683d70fdf39053c5f1496d1c59bb084fe6e8c0984d70b7740be49a1df631a560e

  • SSDEEP

    1536:KdKcpx2Sk/8E3NEN1vn5jG685uUDf44fAg:8AxdEzvn5jb8cU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs (exe.dropper)

    http://85.143.166.190/asdvx/fghs.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012)

    3

  • Peripheral Device Discovery (T1120)

    1

  • System Information Discovery (T1082)

    3

Tasks