General

  • Target

    cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa

  • Size

    196KB

  • Sample

    241113-2cwd3s1brq

  • MD5

    2289e0f218cb6590f6868c5946a5baa0

  • SHA1

    e9fba172f96477c1cc53eed86c5d231edc0fd6ce

  • SHA256

    cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa

  • SHA512

    9969d4755e32b245a6283a9e95858b34bbcc78b40c54e761ceeca999743e758e0b44a720ec7fe658fa4d2bf93e79a67764b03721a0b8b4602570016baf1866fa

  • SSDEEP

    3072:GQ2y/GdyDktGDWLS0HZWD5w8K7Nk90D7IBUzoWl6X/V5qzJO04od:GQ2k4DtGiL3HJk90D7bzzl6PLqFOBq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  https://biswascreation.com/jodp17ksjfs/1flxhgo/
    exe.dropper  https://expoblockchain2020.com/cgi-bin/2/
    exe.dropper  https://mag-flex.com/wp-admin/xf8q/
    exe.dropper  https://www.harriscustomcatering.com/wp-includes/jCItk01ogb/
    exe.dropper  https://fdigitalsolutions.com/cgi-bin/mzqjn4h/

Targets

    • Target

      cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa

    • Size

      196KB

    • MD5

      2289e0f218cb6590f6868c5946a5baa0

    • SHA1

      e9fba172f96477c1cc53eed86c5d231edc0fd6ce

    • SHA256

      cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa

    • SHA512

      9969d4755e32b245a6283a9e95858b34bbcc78b40c54e761ceeca999743e758e0b44a720ec7fe658fa4d2bf93e79a67764b03721a0b8b4602570016baf1866fa

    • SSDEEP

      3072:GQ2y/GdyDktGDWLS0HZWD5w8K7Nk90D7IBUzoWl6X/V5qzJO04od:GQ2k4DtGiL3HJk90D7bzzl6PLqFOBq

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
