General

  • Target: 6c77c554a26383a64c602c5703337a4b2a916cfdba5a3588ce5f6100ceaa00c5
  • Size: 213KB
  • Sample: 241113-zym9gszbkm
  • MD5: 99cca3bbc944e4fd23ae3a2d368aea0c
  • SHA1: b0e2ca1d4ce75a916c7117d35a03bd24ac094278
  • SHA256: 6c77c554a26383a64c602c5703337a4b2a916cfdba5a3588ce5f6100ceaa00c5
  • SHA512: 9f72523fd4916818eaf72848f123e1ba27ed6547d9294df65875faee5b60c46d5c3b4b9c4d695cd33d10421077c4fa251784e37f69afbf438deb2f792a45f3eb
  • SSDEEP: 3072:QM2y/GdyYktGDWLS0HZWD5w8K7Nk9aD7IBURY9a1dznz4jpX0masGc9uquH:QM2k4GtGiL3HJk9aD7bA0m9GMBu

Malware Config

Extracted

Language: ps1 (deobfuscated)
URLs (exe.dropper):

Targets


    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell
      Run PowerShell and hide display window.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks