General

  • Target

    8816a67f593f835f7fd9cce15428c29f4d8da1ccba9fbbca897130168d2169ea

  • Size

    213KB

  • Sample

    241113-169m5a1bkk

  • MD5

    5747b71a677a4ab572da9dc18254f4b8

  • SHA1

    e2897875f4238a4e2d4eaf0df54c8015f69c864b

  • SHA256

    8816a67f593f835f7fd9cce15428c29f4d8da1ccba9fbbca897130168d2169ea

  • SHA512

    49a9d40fb3359eecdd497f605bce2b605b27a50ca1ba823910eec603854965eee3ba78b076ad5856fd1e2af389efc72a4a082723be0425fc77b859e851409d87

  • SSDEEP

    3072:6n2y/GdyYktGDWLS0HZWD5w8K7Nk9CD7IBUNY9a1nYnz4jkX0VasGc9uYuHs:6n2k42tGiL3HJk9CD7bY0V9GMfu

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://www.yadegarebastan.com/wp-content/mhear/
    exe.dropper  http://bikerzonebd.com/wp-admin/89gw/
    exe.dropper  http://shptoys.com/_old/bvGej/
    exe.dropper  http://www.vestalicom.com/facturation/qgm0t/
    exe.dropper  http://www.aliounendiaye.com/wp-content/f3hs6j/
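
The five exe.dropper URLs are the stage-two download locations the sandbox recovered from the deobfuscated PowerShell; a defender should block all five, not only the one seen in traffic. The following is an added example, not code from the report or from the analysed sample, that turns the report's URLs and file hashes into a blocklist and checks constructed proxy log lines and digests against it. The proxy log format, the client addresses and the rule that any object fetched under one of the listed directories counts as a hit are assumptions.

```python
"""Added example (not from the report or the sample): blocklist built from the
extracted dropper URLs and sample hashes, applied to constructed observables."""
import hashlib
from urllib.parse import urlsplit

# Dropper URLs from the report's deobfuscated PowerShell config.
DROPPER_URLS = [
    "http://www.yadegarebastan.com/wp-content/mhear/",
    "http://bikerzonebd.com/wp-admin/89gw/",
    "http://shptoys.com/_old/bvGej/",
    "http://www.vestalicom.com/facturation/qgm0t/",
    "http://www.aliounendiaye.com/wp-content/f3hs6j/",
]

# File hashes of the analysed sample, as listed in the report.
SAMPLE_HASHES = {
    "md5": "5747b71a677a4ab572da9dc18254f4b8",
    "sha1": "e2897875f4238a4e2d4eaf0df54c8015f69c864b",
    "sha256": "8816a67f593f835f7fd9cce15428c29f4d8da1ccba9fbbca897130168d2169ea",
    "sha512": "49a9d40fb3359eecdd497f605bce2b605b27a50ca1ba823910eec603854965ee"
              "e3ba78b076ad5856fd1e2af389efc72a4a082723be0425fc77b859e851409d87",
}

# Constructed proxy log, not real traffic: "<timestamp> <client> <method> <url> <status>".
PROXY_LOG = """\
2024-11-13T10:02:11Z 10.0.0.21 GET http://www.yadegarebastan.com/wp-content/mhear/ 200
2024-11-13T10:02:12Z 10.0.0.21 GET http://WWW.yadegarebastan.com/wp-content/mhear/x1.exe 200
2024-11-13T10:02:40Z 10.0.0.22 GET http://bikerzonebd.com/wp-admin/ 200
2024-11-13T10:03:05Z 10.0.0.23 GET http://shptoys.com/_old/bvGej/index.php 404
2024-11-13T10:03:30Z 10.0.0.24 GET http://example.org/wp-content/mhear/ 200
"""


def _key(url):
    """(host, path): host lower-cased (DNS names are case-insensitive), path kept as-is."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


# Assumption: each extracted URL is a directory and the object fetched under it is
# not in the report, so any request whose path starts with that directory is a hit.
IOC_KEYS = [(_key(u), u) for u in DROPPER_URLS]


def match_url(url):
    """Return the report URL the observed URL falls under, or None."""
    host, path = _key(url)
    for (ioc_host, ioc_path), original in IOC_KEYS:
        if host == ioc_host and path.startswith(ioc_path):
            return original
    return None


def scan_proxy_log(text):
    """Yield (client, url, matched_ioc) for every request under a dropper URL.
    A 404 is still reported: the attempt itself identifies an infected client."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line in the constructed format; skip
        _ts, client, _method, url, _status = fields
        ioc = match_url(url)
        if ioc:
            hits.append((client, url, ioc))
    return hits


def hash_bytes(data):
    """Digests of a file's bytes in the algorithms the report lists."""
    return {a: getattr(hashlib, a)(data).hexdigest() for a in SAMPLE_HASHES}


def lookup_hash(hexdigest):
    """Algorithm name if the digest is one of the sample's hashes, else None."""
    h = hexdigest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if h == known:
            return algo
    return None


def is_known_sample(data):
    return any(lookup_hash(d) for d in hash_bytes(data).values())


if __name__ == "__main__":
    for client, url, ioc in scan_proxy_log(PROXY_LOG):
        print(f"{client} fetched {url} (under {ioc})")
    print(lookup_hash(SAMPLE_HASHES["sha256"]))
```

Matching on host plus path prefix rather than the exact string catches the actual payload fetch (a file under the directory) and a differently-cased host, while a request to the parent directory or the same path on another host is not flagged.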

Targets

    • Target

      8816a67f593f835f7fd9cce15428c29f4d8da1ccba9fbbca897130168d2169ea

    • Size

      213KB

    • MD5

      5747b71a677a4ab572da9dc18254f4b8

    • SHA1

      e2897875f4238a4e2d4eaf0df54c8015f69c864b

    • SHA256

      8816a67f593f835f7fd9cce15428c29f4d8da1ccba9fbbca897130168d2169ea

    • SHA512

      49a9d40fb3359eecdd497f605bce2b605b27a50ca1ba823910eec603854965eee3ba78b076ad5856fd1e2af389efc72a4a082723be0425fc77b859e851409d87

    • SSDEEP

      3072:6n2y/GdyYktGDWLS0HZWD5w8K7Nk9CD7IBUNY9a1nYnz4jkX0VasGc9uYuHs:6n2k42tGiL3HJk9CD7bY0V9GMfu

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory
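
The four signatures above describe behaviours rather than indicators, so they survive a change of download URLs. As an added example that is not the sandbox's own signature engine, the following Python applies equivalent checks to a constructed stream of Sysmon-style events. The Office parent set, the event field names, the sample file name and the treatment of the PowerShell host as the "blocklisted process" are assumptions: the report names neither the parent process nor the process that made the request.

```python
"""Added example (not the sandbox's signature logic): behavioural checks matching
the four signatures in the report, run over constructed Sysmon-style events."""
import re
from pathlib import PureWindowsPath

# Assumption: Office applications are the parents whose child PowerShell is
# "unexpected"; the report only says the parent was likely exploited or ran a macro.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# -WindowStyle accepts any unambiguous prefix (-w, -win, -window, ...), so the
# hidden-window check must not look for the full parameter name only.
HIDDEN_WINDOW = re.compile(
    r"(?i)[-/]w(?:i(?:n(?:d(?:o(?:w(?:s(?:t(?:y(?:l(?:e)?)?)?)?)?)?)?)?)?)?\s+hidden\b")


def basename(path):
    return PureWindowsPath(path).name.lower()


def under_system32(path):
    """True for any file written below C:\\Windows\\System32 (subdirectories included)."""
    return path.lower().replace("/", "\\").startswith("c:\\windows\\system32\\")


def analyze(events):
    """Return {signature_name: [event indexes that triggered it]}."""
    hits = {}

    def hit(name, i):
        hits.setdefault(name, []).append(i)

    for i, ev in enumerate(events):
        image = basename(ev["image"])
        if ev["type"] == "process":
            if basename(ev["parent"]) in OFFICE_PARENTS and image in SCRIPT_HOSTS:
                hit("Process spawned unexpected child process", i)
            if image in SCRIPT_HOSTS and HIDDEN_WINDOW.search(ev["cmdline"]):
                hit("Command and Scripting Interpreter: PowerShell (hidden window)", i)
        elif ev["type"] == "network" and image in SCRIPT_HOSTS:
            # Assumption: the script host is the "blocklisted process" of the report.
            hit("Blocklisted process makes network request", i)
        elif ev["type"] == "file" and under_system32(ev["target"]):
            hit("Drops file in System32 directory", i)
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events, not taken from the sandbox run.
EVENTS = [
    {"type": "process",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": PS, "cmdline": "powershell -w hidden -nop -c Start-Sleep 1"},
    {"type": "network", "image": PS, "dest": "www.yadegarebastan.com:80"},
    {"type": "file", "image": PS, "target": r"C:\Windows\System32\dropped.exe"},
    # Benign: explorer launches PowerShell with a visible window.
    {"type": "process", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell -WindowStyle Normal -File C:\scripts\inventory.ps1"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


if __name__ == "__main__":
    for name, idx in analyze(EVENTS).items():
        print(f"{name}: events {idx}")
```

Only the first three constructed events fire; the explorer-launched PowerShell with a normal window and the notepad launch produce nothing, which is the false-positive boundary a practitioner should check before deploying such logic.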

MITRE ATT&CK Enterprise v15
