General

  • Target: 71dc7b3ec20fe14ce87e29bb46815dd2ba908ca055dd70b5ae9c89cb7cd3030a
  • Size: 213KB
  • Sample: 241113-z16tlssnbn
  • MD5: a4f582397c917fdc2205790070b5e456
  • SHA1: 1cf988f8ce253f33a779cb13dc83f4a2d667b291
  • SHA256: 71dc7b3ec20fe14ce87e29bb46815dd2ba908ca055dd70b5ae9c89cb7cd3030a
  • SHA512: f8bb380b4ba0859c954c867ec9e269cb51dbd8558be4365f243ffe26eeebf464d3981ba0211876cd259268f0136d62910bb75384d582c08965d2a4ce10921361
  • SSDEEP: 3072:kv2y/GdyUktGDWLS0HZWD5w8K7Nk9hD7IBULY9a1jVP4Da3+9cShZ:kv2k4ytGiL3HJk9hD7bd3HSh

Malware Config (extracted)

  • Language: ps1
  • Deobfuscated
  • URLs

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell (MITRE ATT&CK Enterprise v15)
      Runs PowerShell with its display window hidden.
    • Drops file in System32 directory