General

  • Target

    ee608bd24b903bca3c47a34ad94e8dd995b99458e0a06b459a76acef8365657f

  • Size

    213KB

  • Sample

    241113-zt1n1sygph

  • MD5

    1055aec3fcf020f2b1c30f621b74305d

  • SHA1

    3535991115965a4ba02bba48b63b1cd3e333357f

  • SHA256

    ee608bd24b903bca3c47a34ad94e8dd995b99458e0a06b459a76acef8365657f

  • SHA512

    44e8451c96cdbc95f0220185fa441157bae9f9a6e3d4383023d1a415dec3cc2f2a55d486c15650070e82ac07c8b904a7fc716a9de589014cbaf5f7abaa17f7e0

  • SSDEEP

    6144:A/2k44tGiL3HJk9bD7bWjLDPWvCoqIFDL:A/hQitkZ7b8yDL

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    Yes

  • URLs (exe.dropper)

    http://diwafashions.com/wp-admin/mqau6/

    http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

    http://dixartcontractors.com/cgi-bin/nnuv/

    http://diaspotv.info/wordpress/G/

    http://easyvisaoverseas.com/cgi-bin/v/

Targets

    • Target

      ee608bd24b903bca3c47a34ad94e8dd995b99458e0a06b459a76acef8365657f

    • Size

      213KB

    • MD5

      1055aec3fcf020f2b1c30f621b74305d

    • SHA1

      3535991115965a4ba02bba48b63b1cd3e333357f

    • SHA256

      ee608bd24b903bca3c47a34ad94e8dd995b99458e0a06b459a76acef8365657f

    • SHA512

      44e8451c96cdbc95f0220185fa441157bae9f9a6e3d4383023d1a415dec3cc2f2a55d486c15650070e82ac07c8b904a7fc716a9de589014cbaf5f7abaa17f7e0

    • SSDEEP

      6144:A/2k44tGiL3HJk9bD7bWjLDPWvCoqIFDL:A/hQitkZ7b8yDL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks