General

  • Target

    e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694

  • Size

    227KB

  • Sample

    241109-1eg4sssgnn

  • MD5

    c67dbece750d67ee28ee6d8b07c21fb0

  • SHA1

    dfba02c2a620cb2eaea42f735122a9e4539a7d76

  • SHA256

    e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694

  • SHA512

    e5e71272f5af10e4d179498a8aaf4c07a01ed8145c4d795a69142018e1a405b7228b630925586581a8ded37c7e47b0a258d7fc916168be9edc552c1a82184679

  • SSDEEP

    3072:EBj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkJyA8fowJIVh9:EBHgtEWPsL/aTyT9GkAA8fowJmh9

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://iraniansk.com/wp-content/rm1q_q6x4_l5/
    http://kachetemarketing.com/cgi-bin/9yxsy_nq02_x2tv/
    http://kinotheque.com/wp-includes/aidu_9c8_rrlp/
    https://onyourleftracing.com/cgi-bin/fotes_4l_enxguwo/
    http://slimgenemd.com/hqzfg/z_ya_xkjx5/

Targets

    • Target

      e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694

    • Process spawned unexpected child process

      The parent process launched a child it does not normally start. This typically indicates the parent was compromised via an exploit or a malicious macro; here it is consistent with the extracted PowerShell (ps1) dropper.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist made an outbound network request, consistent with the exe.dropper URLs in the extracted config.

    • Drops file in System32 directory
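
The three behaviours above and the extracted exe.dropper URLs map directly onto host telemetry. The following is an added detection example, not part of the sandbox report: it runs over constructed Sysmon-style events (process create, DNS query, network connection, file create) and flags an Office parent spawning a script host, any network request by that child (annotated when the destination is one of the hosts in the extracted config), and a file written under System32 by that child. The URL list is copied from the report; the event records, process IDs and the dropped file name are constructed assumptions.

```python
"""Detection of the report's signatures over Sysmon-style events (added example)."""
from urllib.parse import urlparse

# URLs the sandbox extracted from the deobfuscated PowerShell dropper (from the report).
DROPPER_URLS = [
    "http://iraniansk.com/wp-content/rm1q_q6x4_l5/",
    "http://kachetemarketing.com/cgi-bin/9yxsy_nq02_x2tv/",
    "http://kinotheque.com/wp-includes/aidu_9c8_rrlp/",
    "https://onyourleftracing.com/cgi-bin/fotes_4l_enxguwo/",
    "http://slimgenemd.com/hqzfg/z_ya_xkjx5/",
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"


def config_hosts(urls):
    """Hostnames from the extracted config, used to match DNS and network events."""
    return {urlparse(u).hostname.lower() for u in urls}


def defang(url):
    """Render a URL so it cannot be clicked by accident in a report."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def _image_name(path):
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events, urls=DROPPER_URLS):
    """Return findings for the three signatures; only children of Office parents are tracked."""
    hosts = config_hosts(urls)
    suspicious = {}  # pid -> parent image name of processes flagged by the first rule
    findings = []
    for ev in events:
        eid, pid, image = ev["EventID"], ev["ProcessId"], _image_name(ev["Image"])
        if eid == 1:  # process create
            parent = _image_name(ev["ParentImage"])
            if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
                suspicious[pid] = parent
                findings.append({"rule": "unexpected_child", "pid": pid,
                                 "detail": f"{parent} -> {image}"})
        elif pid not in suspicious:
            continue  # later rules only apply to processes already flagged
        elif eid in (3, 22):  # network connection / DNS query
            dest = (ev.get("DestinationHostname") or ev.get("QueryName") or "").lower()
            findings.append({"rule": "blocklisted_network", "pid": pid,
                             "detail": dest, "in_config": dest in hosts})
        elif eid == 11:  # file create
            target = ev["TargetFilename"]
            if target.lower().startswith(SYSTEM32):
                findings.append({"rule": "system32_drop", "pid": pid, "detail": target})
    return findings


# Constructed Sysmon-style records; process IDs and the dropped file name are assumptions.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4212, "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"EventID": 1, "ProcessId": 5120, "Image": PS,
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"EventID": 22, "ProcessId": 5120, "Image": PS, "QueryName": "iraniansk.com"},
    {"EventID": 3, "ProcessId": 5120, "Image": PS,
     "DestinationHostname": "kachetemarketing.com", "DestinationPort": 80},
    {"EventID": 11, "ProcessId": 5120, "Image": PS,
     "TargetFilename": "C:\\Windows\\System32\\hqzfg.exe"},
    {"EventID": 22, "ProcessId": 812, "Image": "C:\\Windows\\System32\\svchost.exe",
     "QueryName": "update.microsoft.com"},  # benign: not a flagged process
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
    for u in DROPPER_URLS:
        print(defang(u))
```

The network rule deliberately fires on any outbound request by the flagged child, with `in_config` recording whether the destination is one of the extracted hosts: the dropper walks its URL list until one download succeeds, so only some of the hosts will appear in a given run and a rule keyed solely on the config would miss the rest.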

MITRE ATT&CK Enterprise v15

Tasks