General

  • Target: 7c46bd787ee92ba374970e4945a5998b70481e58536e946eb30af16461a41e92
  • Size: 248KB
  • Sample: 241113-z3vt5azbrr
  • MD5: 6ebc69252e49c49e7c72bd903d136cab
  • SHA1: e69202ea1af97b1191e4be0f01ec979b81ea7224
  • SHA256: 7c46bd787ee92ba374970e4945a5998b70481e58536e946eb30af16461a41e92
  • SHA512: d71ceafa828e6645613b3980f074f403813b2e26629bc63e9fa8dc28c885c08bde9d2f39e43e43a09c68ed0f1a328c9dae53bd3515220ec124cb7ad930b2a8a4
  • SSDEEP: 6144:Uq0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+d/geV9KLYE61sL:X0E3dxtR/iU9mvUPdYeCEECsL

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    • http://farsmix.com/wp-admin/xpk881/
    • http://thuong.bidiworks.com/wp-content/q2TO1988/
    • https://securiteordi.com/wofk253jeksed/QO485/
    • http://ziyinshedege.com/wp-content/TIGc/
    • http://luilao.com/yakattack/EmXdYs3Rf/

Targets

    • Target: 7c46bd787ee92ba374970e4945a5998b70481e58536e946eb30af16461a41e92


    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell
      Run PowerShell and hide display window.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks