General

  • Target: bbf9ac12b9cd66716070403150bfdeff677276cfaf41c16ca502ea5ea5bcdb63
  • Size: 181KB
  • Sample: 241113-k5etcsykdw
  • MD5: a75bfd043dc69e37be6b45e88ba01655
  • SHA1: 37d751eb2d4375c6dd59682599e8de3ba3146eb5
  • SHA256: bbf9ac12b9cd66716070403150bfdeff677276cfaf41c16ca502ea5ea5bcdb63
  • SHA512: e86f2819ea318b0dd840e196d998ec71f6a9bc60f17c337e27928c7c7f431595f9cf55e90514cb2348ad04d50fc20551e97f1a70816f5f8f7c57a730c9a9df50
  • SSDEEP: 3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7P:9NO2k4PF7tGiL3HJk9rD7bdasiv86b

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper):
    http://diwafashions.com/wp-admin/mqau6/
    http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
    http://dixartcontractors.com/cgi-bin/nnuv/
    http://diaspotv.info/wordpress/G/
    http://easyvisaoverseas.com/cgi-bin/v/

Targets


    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory
