6cb6602f7eda3c89e51f7b51e1da06692c24fd26758b8920fdb55b37900c0713 | Triage

Sharing

General

Target

6cb6602f7eda3c89e51f7b51e1da06692c24fd26758b8920fdb55b37900c0713
Size

7.7MB
Sample

241118-ekkafsxgjc
MD5

119b7e2f97b20ba80fc18f1b961faada
SHA1

0340e3e1f446ac2532d5ed602ed5a24739292f34
SHA256

6cb6602f7eda3c89e51f7b51e1da06692c24fd26758b8920fdb55b37900c0713
SHA512

fe8b5f517fd1606460ca0e3920765217503185aac0de5f01c94c7359ed3c476e44ac86003db1e374977f41f6808b9574e95990bd57ac908927bfefca4dec6ea3
SSDEEP

196608:uctGLFnjWpCQuJTb20PrWXzEOhFc7EhQjhDU:uNGHE32Erbe2ghI1U

Score

10^/10

execution link qr

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://admin.xunhuweb.com

Targets

- Target
  
  zibll/action/comment.php
- Size
  
  8KB
- MD5
  
  dc0f00c03b5d014313304500aeb2c7f7
- SHA1
  
  1d0db2a4448071c757a6d94b444eaaf6fb151bc7
- SHA256
  
  50bd49047f122dc88c2d99e295764f70ba93ec72c7260fc999ee223fb426bbcf
- SHA512
  
  ee36f9ad2d63c759357c1446ed612fc787b0b904f2105e215ea554bfa6ece871da37a08989f4ec3a084b1681dad1539b84a5b01455f0a74f0023f2db4d031b0a
- SSDEEP
  
  192:IMZ1EUE+wv53M+rE0jrLxFNM8fE0j2oRIUVxfygT/4Oxika6oN+D2tCYc:GoSXgExFyzp6Ci
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  zibll/action/user.php
- Size
  
  24KB
- MD5
  
  43d390e7bbbff56425542683c8df934b
- SHA1
  
  3163df9f46d5f1174a9344f63fd62bd82bda1cd5
- SHA256
  
  278da80c91c370fff73d8f0d6a3d3c1083c6b78f4d5af10f7a89fda9ec10238c
- SHA512
  
  9953ff6c248cfa8e87ea41cab47b8e9f55c59e9c1ba2f4a6aceca59cf4b83ccc535d55a5609cb1f8d7fe2aaf853f0d59ab7d7f1f9518afb12cd3d103056c5d88
- SSDEEP
  
  384:Twy4ad8MaL9UO9nPCqo2xPlNYz+tdWdmOjk3PaIS9iOqHDWqHDOh:+zNb5DVe
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  zibll/go.php
- Size
  
  6KB
- MD5
  
  5107ba75f32564b1a26299361e5de1a7
- SHA1
  
  ed5bad7d70b61124a6047b3b559cf45a29d5847d
- SHA256
  
  14a370550526d618d9ac7b666aa7d4aa5ce437eba753cb7b2444bc0ab5bffcdd
- SHA512
  
  4b62757ab03b20ca7a278091e3e75f699713609e4c0e15e98176fd5c206e71b58a1be66005e85d7fc7699f9e49fbe026b054a62c55d0d165c236eff6628794fc
- SSDEEP
  
  192:IyZH9uUNXKOGnW+Wuedczu+CQRfQRv4ReyJ8r:vGnWrcy++
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  zibll/inc/class/SignatureHelper.php
- Size
  
  3KB
- MD5
  
  4ce6d450410b8f51f15252e0877731b5
- SHA1
  
  b31e223524685d9173afb4f12dab9043b304fce2
- SHA256
  
  5e6a076566c15cf0b267221c4b83bf06d327f16efd3a958ed3b9ecc6765bb7da
- SHA512
  
  1401b909219d47f3d2a6415d0acd015d7bf603269807f4f580d183893906dfa6a82ca9779cb771d9fa1785f542773907f7f7629c79ca95f1d6bf8ca0eb4094ec
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  zibll/inc/class/file-class.php
- Size
  
  51KB
- MD5
  
  675dbd3f5a28b2a53139040be3b23e6c
- SHA1
  
  716bc32b6dd689ed4cf1a9adb9294e4336e12ad7
- SHA256
  
  bad499165d35946a79d12576f81c51c4b00139a5fc9d8a988de03f363f2482cd
- SHA512
  
  4dd9bafc2b3cb5be788c6a57827e78381dada7e2277f50045a4d4a9e9e9bd381b21499ffbbd24ddf3a1a8fbcc2757d2c20acaf04135f24a024510b71c1dcb080
- SSDEEP
  
  384:8QRLrOgO070bgNaO+jCuTirHu+K3VRPyCUBWO70UUQrho6bmQdbSo268SK6+SMTD:8QR/JO07CYaO+jCBO+QzyCUCU7Toyw
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  zibll/inc/class/qrcode.class.php
- Size
  
  107KB
- MD5
  
  5e006740ba87e8dec27ed735081222ba
- SHA1
  
  c552a6635dd706c9730447b51139d9a9e95bbf26
- SHA256
  
  76161de64e48c9737c835b77dad593128e362c7aa493a0110541f907a3546691
- SHA512
  
  cd9f3c5744ab4e9fc8fac75f18da0eef662bdc47f3bbdd8eba1e070f8583f023570043e9a9ebc8812c46242f3c6af0f3450784c68f93f444c423b1d9801446e1
- SSDEEP
  
  1536:4yHgwobHl/0f0f0feNwXQFGk3viOXTCezJwkTK1ENcqRNWUFrvue:jgrznkENcqRXH
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  zibll/inc/class/sms-class.php
- Size
  
  16KB
- MD5
  
  f0c6f0096248a79f251baf43532683fa
- SHA1
  
  d789e13997fdd1ec4c847594170de0c28f14c116
- SHA256
  
  3b97468f928a7621feac4d8bf1af32b8157613605cbc879570dfb79e31b2995f
- SHA512
  
  f119a718984b45bfb5d4b6163f0ab125524c87ebd78b41449f733df035bf3c29bdcee909e9e3056d6d436ba42f45c709a84908b0d3f5158f9f08f32d65838cf9
- SSDEEP
  
  192:cmkztLAbgEZNqPmLb0vmDEyf4ScjO7GMkBlUwPYjo7GwkCDDY4mIken9pNzbFeEC:ktKvP0ryrsiAPXoen9pNzsEbkh
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  zibll/inc/codestar-framework/assets/js/gutenberg.js
- Size
  
  2KB
- MD5
  
  6a6bcb28bea97ce6c9f61d52ac68b55c
- SHA1
  
  3e5407af119c9d00d857d14547772d414a926964
- SHA256
  
  b8a2f3671ef927a69f6ba6b1ec137fb5c25d24e8bd394d05c79ad30d3791304f
- SHA512
  
  e50313a64b61a9ed7096c3c00a495f046028773a78fb184cf127c256a93f3ad937cca9753fb34c5f44639aa548d661f459eb82f8162bb216caaaa2cb67514071
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  zibll/inc/codestar-framework/assets/js/main.js
- Size
  
  116KB
- MD5
  
  7beba4c34abc40c600d35050f122481e
- SHA1
  
  7aa4123586f512374e7e7ecbe5c77cae31ed32e2
- SHA256
  
  b6ecd3b712bcf9ffad9d8442dc0b8e0cc9c4081aa4d8b867dd12d08bf7367d93
- SHA512
  
  b7efe7c5357472ca878d00e2ae87fa81a1c75df36c7aae184e120cda466d8570db8551dbd72c2a37f738fa53cad1a2949c084d466bb1720a8c417bd6c4560cf7
- SSDEEP
  
  1536:Y6qWvMoZQYW94308u23tVVngN8LEOrFEvrzSgEQzC5TPB:LZhJeNMSJRzC5l
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  zibll/inc/codestar-framework/assets/js/main.min.js
- Size
  
  45KB
- MD5
  
  864ade7234f0c510a4d9f01bb78544c1
- SHA1
  
  ae9297c0971925e98cd164cc7bf529e385b1ec63
- SHA256
  
  6f454e0fde1d69b845d299906977dd48b4f36576ef3b0d5256b90308b97de94c
- SHA512
  
  0efc5afbde9235a072777f1ca6ec66252ae92ac20136883dd8a037e024232022b0ffa330ac635279e1b94d60b9cfee253dcab54dda2a58d24e7af9841f6e7f36
- SSDEEP
  
  768:1yuD/yhyFpTA1NyJnkkvyByyOzDZw7pzQX9Wjz4qHLoKrEauz:1yuDakTA1NyJhyBtzmsz4qroKrEauz
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  zibll/inc/codestar-framework/assets/js/plugins.js
- Size
  
  65KB
- MD5
  
  ae1f2460db78a83bb5ece4ef54710307
- SHA1
  
  93be62372efc86c07452c03faeee929cd16caa41
- SHA256
  
  984ecd9ea27f5130d3a8eff76c2ac49f0a801b82ed5d91d765893f154a8e17af
- SHA512
  
  16017cfb6a2c43777800dd0428dd44bb297984798667b431657735650606d8e5e44e14a9664c4d874c2f63a75eef6fdfc4dc0a3fd01214d97d52a8e2b34e2fe4
- SSDEEP
  
  768:OTtPknoi8obXt37SUuvHLW+lt6o6Yy8UUPNw/NHYGEPQtqmIrbWt0AQkD55HUeOB:OTRXVEwoxYyrUPNw/NHYCr6AQKUU0
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  zibll/inc/codestar-framework/assets/js/plugins.min.js
- Size
  
  37KB
- MD5
  
  e857a2941d5424299508f678969e390d
- SHA1
  
  d6487a3d6375c85488aadfdd16321ac8a3ef3599
- SHA256
  
  caff5c98fc226efae558d9417abd61809ec443bc714e59ea2b6d6a5faeeb46d2
- SHA512
  
  dc7c4247fa7cadf441e96f62248b50596e803d3cca59f2fb5c838d4dc307b08240e25191e8766f7e1a7b3f26a56ed259762e8b36bb6bfc8bc7ba08a2534cb980
- SSDEEP
  
  768:JBBDlsrptj96umwogXeVSBHN8gzwISZPfsu0IgrmxJ47eRx:JBBIpR/QEBHN8g5SZPfsu0lqxJz
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  zibll/inc/codestar-framework/classes/admin-options.class.php
- Size
  
  25KB
- MD5
  
  81af0f9b27753f687f697044b0f3ac4a
- SHA1
  
  84a42934869de6cd58736037e68beae3fa14fb55
- SHA256
  
  acd7284c7559f8b9c7b28fa0eacd957b995a616d20584f20da827d573d853c4c
- SHA512
  
  d814e38e01ec70bc00198ff4067ee4b1ad39777d2cab446891655b55436f0f23283d2ff8988778c6a8e1c4803dbe86039762e1ee70b130e7ed7080a625956763
- SSDEEP
  
  768:Wi4Y0eUaNDNgKZwZFvem4Virh0vZrSfKGr3W1XZFrE+:4eUaNDNgKZwZFvemUiavZrSfKGr3W1HL
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  zibll/inc/codestar-framework/classes/customize-options.class.php
- Size
  
  8KB
- MD5
  
  6952cc089824e89643af4bdab0b9a3f2
- SHA1
  
  2d4994505c9866a72b75f10d97a1f9f7fed8836f
- SHA256
  
  9799a39d494c4dc43a02001f0267c3452ad51c0b5ff1d2ccf398dfeae253a01c
- SHA512
  
  872c39c958b4c71f1188706b25ac5a9fdd77307787b293ac0665d9fc09cfe42278357250d8811a62988909e6a816c9568c23464e1d4958229455469fa5a85fb6
- SSDEEP
  
  192:YcrckaiiyiHDQ/yWDv6DYnJD2x90NfjAlmW:YcTdET0Y
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  zibll/inc/codestar-framework/classes/metabox-options.class.php
- Size
  
  14KB
- MD5
  
  a498f827171db9a60ba8adb0be411853
- SHA1
  
  145e7c46e83f67877920b4ccc5172a98f7abd6c5
- SHA256
  
  17175d990c2a2f74eaf11d75f287b7a87ff7092ffee90696577c9115da11a080
- SHA512
  
  0e69627fd8be0797d9aa569c9613780937f99a34a8954b5b7421996827c96b361a0df042d54df9d4d52f535b8213a48348f33b394b138e81695fbecd4225708b
- SSDEEP
  
  384:JFHRt3vBU8tm0WjXAjrvLt5B83V/OdaJpi1O7PKnXfQx/+PtXF2:7HRt3vBU8ttWjXAHTwOdaJpig
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  zibll/inc/codestar-framework/classes/shortcode-options.class.php
- Size
  
  12KB
- MD5
  
  891a87996b9ee3a4b3cbe5ad210a82ba
- SHA1
  
  d0d1d3f43f73be59cb2a0bcffb33ce1e3d76e26c
- SHA256
  
  c9f2e12a5f64433910ee9b3a09959866733610a9e9a47c82e68f2845c53dea80
- SHA512
  
  5534635cbada84cd90f2b6632dbf77888e391a9e108f09f2141e2be875f1e7eadf5298dcac03ea3a45757f0b2f659e404b9cb8c2d914ff0e85460be6fa037ada
- SSDEEP
  
  192:q5SKgDmWDe2FVybFE7eaO9aRO0S7h4Sh/VhYtM2/V2Zg2h5wcxSyvxZMYEZwiGD1:qEIE7eaOcR5WiShNhSM2N2J5wC1/
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32