6ed366709382f3870c1de2c896f3d4ea9b68f067ce324a25c5e9f6123ade8bf2 | Triage

Sharing

General

Target

6ed366709382f3870c1de2c896f3d4ea9b68f067ce324a25c5e9f6123ade8bf2
Size

182KB
Sample

241119-nvtrbavhjb
MD5

c0746953b8268cd28af34b3f260c9e90
SHA1

f5f79ceee9a9b5775c1b39d605834c060c8cbd5c
SHA256

6ed366709382f3870c1de2c896f3d4ea9b68f067ce324a25c5e9f6123ade8bf2
SHA512

24e79f4e18bb1b1ec89cf6e3e539d28adc9a55e12154fadcc4c1bffbdbb2815a82690ba58b71b5cc1ee05523ca56ed71f8cd0b4730ce61d07b0f868dca5a2dcf
SSDEEP

3072:9NX2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NX2k4PF7tGiL3HJk9rD7bdasiv86J

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  6ed366709382f3870c1de2c896f3d4ea9b68f067ce324a25c5e9f6123ade8bf2
- Size
  
  182KB
- MD5
  
  c0746953b8268cd28af34b3f260c9e90
- SHA1
  
  f5f79ceee9a9b5775c1b39d605834c060c8cbd5c
- SHA256
  
  6ed366709382f3870c1de2c896f3d4ea9b68f067ce324a25c5e9f6123ade8bf2
- SHA512
  
  24e79f4e18bb1b1ec89cf6e3e539d28adc9a55e12154fadcc4c1bffbdbb2815a82690ba58b71b5cc1ee05523ca56ed71f8cd0b4730ce61d07b0f868dca5a2dcf
- SSDEEP
  
  3072:9NX2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NX2k4PF7tGiL3HJk9rD7bdasiv86J
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2