General

  • Target

    1d49809b41e3bef995cac190b10a4143d5e694e5dcdead41efa61ee0e68e5756

  • Size

    230KB

  • Sample

    241113-16d68a1arn

  • MD5

    08ab4a376788bb54533a1c8ce27c6dd7

  • SHA1

    9dbccbcd9a35e767030f63360b5da9bc18956f16

  • SHA256

    1d49809b41e3bef995cac190b10a4143d5e694e5dcdead41efa61ee0e68e5756

  • SHA512

    88626ee49db96750d8739e143542bea9199bc525281fd5bba2a6c65a67f82247c3c0a3e555d0e715acdef925fa11d62d015a702370bcf5df9965ca6713eaf088

  • SSDEEP

    6144:rm2k4itGiL3HJk9ZD7bBplux6N5WHwDKJ:rmrQitkn7bdq1D

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    http://moisesdavid.com/qoong/vy/
    http://insurancebabu.com/wp-admin/iXElcu9f/
    http://rishi99.com/framework.impossible/dhADGeie6/
    https://www.alertpage.net/confirmation/2nX/
    https://anttarc.org/chartaxd/DMBuiwf5u/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks