General

  • Target

    6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e

  • Size

    34KB

  • Sample

    240721-1fsa6awbmg

  • MD5

    a117e4f5bfe2ba75ff6b78e93c6df153

  • SHA1

    196d0942134dd60244730f28872e0d7b774cb9f4

  • SHA256

    6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e

  • SHA512

    1b41d658462cf7ecc7c6018065871243b006cfb85e633a223b4d1125cf21879056fe3cebc0663251a213c30e7591f04286e6c3dd3f06183e44edaa7a1b459c38

  • SSDEEP

    768:cveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:wSP+SKabAk0BuqCXlg+/fs5cClfZw2gQ

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1

Targets

    • Target

      6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e

    • Size

      34KB

    • MD5

      a117e4f5bfe2ba75ff6b78e93c6df153

    • SHA1

      196d0942134dd60244730f28872e0d7b774cb9f4

    • SHA256

      6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e

    • SHA512

      1b41d658462cf7ecc7c6018065871243b006cfb85e633a223b4d1125cf21879056fe3cebc0663251a213c30e7591f04286e6c3dd3f06183e44edaa7a1b459c38

    • SSDEEP

      768:cveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:wSP+SKabAk0BuqCXlg+/fs5cClfZw2gQ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks