General

  • Target

    69b6bc4db69680118781e7a9f2580738088930fa04884755f23904fa19e638e3

  • Size

    59KB

  • Sample

    240725-klrzks1gqa

  • MD5

    8cb23196027d424917bc9cfe67575de2

  • SHA1

    3ec7888e17e08f0f4caf3c4e2d024968abd52d07

  • SHA256

    69b6bc4db69680118781e7a9f2580738088930fa04884755f23904fa19e638e3

  • SHA512

    e821ff35d6740685752ebfde4003190bf4591ebbbf5e52d026af63dc9e85b8a20ec4f43d7b5fce7fabb7742d1a3eb68a83327b553600beb97d0bd9686662299f

  • SSDEEP

    768:Do3yA+qaVFGhiegFVsSiF1NUWJRHlHcv/emFHLCCJ:DMyAFh/6sSufl8vGsLCCJ

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://eternal.lol/file/8e53a3e023218a9b1ef9ba1ef3b5afd191a99156b77864558d/8eef4df388f2217caec3dc26.jpg

Targets

    • Target

      69b6bc4db69680118781e7a9f2580738088930fa04884755f23904fa19e638e3

    • Size

      59KB

    • MD5

      8cb23196027d424917bc9cfe67575de2

    • SHA1

      3ec7888e17e08f0f4caf3c4e2d024968abd52d07

    • SHA256

      69b6bc4db69680118781e7a9f2580738088930fa04884755f23904fa19e638e3

    • SHA512

      e821ff35d6740685752ebfde4003190bf4591ebbbf5e52d026af63dc9e85b8a20ec4f43d7b5fce7fabb7742d1a3eb68a83327b553600beb97d0bd9686662299f

    • SSDEEP

      768:Do3yA+qaVFGhiegFVsSiF1NUWJRHlHcv/emFHLCCJ:DMyAFh/6sSufl8vGsLCCJ

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Adds Run key to start application

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks