General

  • Target

    fd66b0dd872a8a6623b50ed92e2eb37fe5faa88c2ceb20ec66fc3c2a6dedc2db

  • Size

    177KB

  • Sample

    241113-166lgatnep

  • MD5

    7ce664427cab3b22d32f9cdcfea96e02

  • SHA1

    a36d3caca1c9174388ebba55abb83a621114cd1e

  • SHA256

    fd66b0dd872a8a6623b50ed92e2eb37fe5faa88c2ceb20ec66fc3c2a6dedc2db

  • SHA512

    68d298bc5372c592f168dd4163bb373d9cc085af4b7e896ea15872bc08f705becd7ade397fe2dc73e1a071ec0e90acc2190ee2ffb3729d18bf0d964eac81d974

  • SSDEEP

    3072:/L2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUPZB0zstySfNllXe:/L2k43tGiL3HJk96D7br0z0rllX
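Before handling a sample that is supposed to be this one, recompute the digests listed above and compare them with the report. The following is an added example (not part of the sandbox report): it hashes data with every algorithm the report lists (SSDEEP is left out because it is not in the standard library) and reports, per algorithm, whether the value matches.

```python
"""Added example, not from the sandbox report: verify a local sample against
the digests printed in the report's General section."""
import hashlib

# Digests exactly as printed in the report.
REPORT_HASHES = {
    "md5": "7ce664427cab3b22d32f9cdcfea96e02",
    "sha1": "a36d3caca1c9174388ebba55abb83a621114cd1e",
    "sha256": "fd66b0dd872a8a6623b50ed92e2eb37fe5faa88c2ceb20ec66fc3c2a6dedc2db",
    "sha512": "68d298bc5372c592f168dd4163bb373d9cc085af4b7e896ea15872bc08f705be"
              "cd7ade397fe2dc73e1a071ec0e90acc2190ee2ffb3729d18bf0d964eac81d974",
}


def digests(data: bytes) -> dict:
    """Return {algorithm: hex digest} for every algorithm in REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each digest of `data` with `expected` (case-insensitive).

    Returns {algorithm: bool}; a mixed result (some True, some False) means
    `expected` itself is inconsistent and should not be trusted."""
    got = digests(data)
    return {name: got[name] == expected[name].lower() for name in expected}


def verify_file(path: str, expected: dict = REPORT_HASHES, chunk: int = 1 << 20) -> dict:
    """Stream a file through all hashers in one pass (works for large files too)."""
    hashers = {name: hashlib.new(name) for name in expected}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() == expected[name].lower() for name, h in hashers.items()}


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>
    result = verify_file(sys.argv[1])
    for name, ok in result.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A partial match is the interesting outcome: if SHA256 matches but MD5 does not, the report values were copied incorrectly, not the sample.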

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    http://www.yadegarebastan.com/wp-content/mhear/

    http://bikerzonebd.com/wp-admin/89gw/

    http://shptoys.com/_old/bvGej/

    http://www.vestalicom.com/facturation/qgm0t/

    http://www.aliounendiaye.com/wp-content/f3hs6j/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in System32 directory
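The five exe.dropper URLs from the extracted config and the signatures above ("Process spawned unexpected child process", "Blocklisted process makes network request", hidden-window PowerShell) translate directly into host-level detections. The following is an added example, not part of the sandbox report: it derives a hostname blocklist from the extracted URLs and runs three checks over constructed process-creation and network-connection events. The event shape, the set of Office parent images and the sample command lines are assumptions for illustration; the report does not show the sample's actual parent process or command line.

```python
"""Added example, not from the sandbox report: turn the extracted dropper URLs
into IOCs and detect the behaviours the report's signatures describe."""
from dataclasses import dataclass
from urllib.parse import urlparse

# The exe.dropper URLs exactly as listed in the extracted config.
DROPPER_URLS = [
    "http://www.yadegarebastan.com/wp-content/mhear/",
    "http://bikerzonebd.com/wp-admin/89gw/",
    "http://shptoys.com/_old/bvGej/",
    "http://www.vestalicom.com/facturation/qgm0t/",
    "http://www.aliounendiaye.com/wp-content/f3hs6j/",
]

# Assumption: document-handling parents that should never spawn an interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


@dataclass
class Event:
    """Minimal, assumed event shape (e.g. what Sysmon EID 1 / EID 3 would give)."""
    kind: str             # "process" or "network"
    image: str            # image path of the created / connecting process
    parent: str = ""      # parent image path (process events)
    cmdline: str = ""     # command line (process events)
    dest_host: str = ""   # destination hostname (network events)


def ioc_hosts(urls) -> set:
    """Lower-cased hostnames from the dropper URLs (path parts are too volatile)."""
    return {urlparse(u).hostname.lower() for u in urls}


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hidden_window(cmdline: str) -> bool:
    """True if a PowerShell command line requests a hidden window.

    PowerShell accepts any unambiguous prefix of -WindowStyle (-w, -win, ...)
    and of the value (hidden, hid, h), so match prefixes, not exact strings."""
    toks = cmdline.lower().split()
    for flag, val in zip(toks, toks[1:]):
        if len(flag) >= 2 and flag.startswith("-w") and "-windowstyle".startswith(flag):
            if val and "hidden".startswith(val):
                return True
    return False


def detect(events, blocklist) -> list:
    """Return (rule, subject, detail) tuples for every event that fires a rule."""
    alerts = []
    for e in events:
        img = _basename(e.image)
        if e.kind == "process":
            par = _basename(e.parent)
            if par in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                alerts.append(("unexpected_child", par, img))
            if img in POWERSHELL and hidden_window(e.cmdline):
                alerts.append(("powershell_hidden", img, e.cmdline))
        elif e.kind == "network":
            host = e.dest_host.lower()
            if host in blocklist:
                alerts.append(("blocklisted_host", img, host))
    return alerts


# Constructed events: one malicious chain plus two benign controls.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
          cmdline="powershell -w hidden -enco SQBFAFgA..."),
    Event("network", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          dest_host="www.yadegarebastan.com"),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Windows\explorer.exe",
          cmdline="powershell -NoProfile -File backup.ps1"),
    Event("network", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest_host="www.example.com"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, ioc_hosts(DROPPER_URLS)):
        print(alert)
```

The hostname blocklist is deliberately coarse: these are compromised WordPress sites, so the paths (wp-content/..., wp-admin/...) will rotate while the hosts stay useful slightly longer, and a hit on the host from a script interpreter is already enough to escalate.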

MITRE ATT&CK Enterprise v15
