General

  • Target

    a5b510a8622fa550ad9b0a48d4201e286b1f446aa6fb78c5b4274c11a07ff4d0

  • Size

    93KB

  • Sample

    241113-qjxd6swkaj

  • MD5

    c08c3d67e20e99c17a637cadba03315a

  • SHA1

    61d008ea4fd80eef016cf37c26a9b3c530ac0ebe

  • SHA256

    a5b510a8622fa550ad9b0a48d4201e286b1f446aa6fb78c5b4274c11a07ff4d0

  • SHA512

    8b2e34f1af8d22368b02b1b43301159ab7e2b7a9ccca8ce4c120b2eaafa147e1609c3e46958a4c2c14f9497daa8001c8ca452fe3a5f65a0ecb81c06b33710222

  • SSDEEP

    1536:sNS5Hh32p9FVcnvuEKNqDr9zQ9lK6bPZoz9PasqxkEw/bUvjNNw8tt7S+YhYm+Ml:UGFMFVcnvuEBP9zQ9lrZm9PL4Ry5+6pR

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://parakkunnathtemple.com/bckup/7SDAvi/

    exe.dropper  http://helionspharmaceutical.com/wp-admin/oXJB/

    exe.dropper  https://accordiblehr.com/wp-admin/HdzyEn/

    exe.dropper  https://snjwellers.com/wp-includes/esttW/

    exe.dropper  https://norailya.com/vendor/1j/

    exe.dropper  https://whytech.info/wp-includes/HceUxFK/

    exe.dropper  http://resuco.net/wp-content/uploads/2020/12/S0K/

Targets

    • Target

      e6e59fd682d1212c1b789365f92e5a5e778ca20f2d16440ec6f5b46ddb85d431

    • Size

      190KB

    • MD5

      67777f4603f15b8e2e4d7c1d53afb10d

    • SHA1

      681f83498c6066c28fcc6f6dbd11a6c44656e6c3

    • SHA256

      e6e59fd682d1212c1b789365f92e5a5e778ca20f2d16440ec6f5b46ddb85d431

    • SHA512

      f5736d0d74b56c87de123224b63a610254c297850e03d70d9fcf4ad4f1c99450808c8f088410fae0790289a7e64064fc1bbed4c394abed2304ff6f549efc3281

    • SSDEEP

      3072:N9ufstRUUKSns8T00JSHUgteMJ8qMD7gD0DbuQqjJjq8ypsUS8:N9ufsfgIf0pLIHpqjJjq8ypsUS8

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks