0a06c737f2c12c6fc77ba1d2568c53f366c1da1a6a984a5e5aba4119e65ab89f | Triage

Sharing

General

Target

0a06c737f2c12c6fc77ba1d2568c53f366c1da1a6a984a5e5aba4119e65ab89f
Size

217KB
Sample

241120-1d6qrsvbml
MD5

2bb474ec071b8b4610fd7dabe372ee09
SHA1

03c0e6b3b032caf9d2506cb02e9e78be9e2475c8
SHA256

0a06c737f2c12c6fc77ba1d2568c53f366c1da1a6a984a5e5aba4119e65ab89f
SHA512

9eb989e81a6cd4798a57b34ffcc53e9d4bb7e6b8d3f9ed79b6fe2485f92124f350a3a79354a5ecaabb6ce79ab2b40024ac1f8cf12a8e6ea67fcb5bda4567a2f0
SSDEEP

6144:Rk2k4EtGiL3HJk9uD7b/pfg5Dfvj3iOE8B+nLZB3uj7i:RklQitkg7bh

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://amstaffrecords.com/individualApi/0/

exe.dropper

http://foozoop.com/wp-content/Qxi7iVD/

exe.dropper

http://7arasport.com/validatefield/gj/

exe.dropper

http://dev2.ektonendon.gr/cgi-bin/mTTCFmVe/

exe.dropper

https://diagnostica-products.com/wp-admin/hio2u7w/

Targets

- Target
  
  0a06c737f2c12c6fc77ba1d2568c53f366c1da1a6a984a5e5aba4119e65ab89f
- Size
  
  217KB
- MD5
  
  2bb474ec071b8b4610fd7dabe372ee09
- SHA1
  
  03c0e6b3b032caf9d2506cb02e9e78be9e2475c8
- SHA256
  
  0a06c737f2c12c6fc77ba1d2568c53f366c1da1a6a984a5e5aba4119e65ab89f
- SHA512
  
  9eb989e81a6cd4798a57b34ffcc53e9d4bb7e6b8d3f9ed79b6fe2485f92124f350a3a79354a5ecaabb6ce79ab2b40024ac1f8cf12a8e6ea67fcb5bda4567a2f0
- SSDEEP
  
  6144:Rk2k4EtGiL3HJk9uD7b/pfg5Dfvj3iOE8B+nLZB3uj7i:RklQitkg7bh
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2