cbe211b861dc2be493adca32c4aee58497cfff1ddc12eaae2674d29f5c17cd05 | Triage

Sharing

General

Target

cbe211b861dc2be493adca32c4aee58497cfff1ddc12eaae2674d29f5c17cd05
Size

182KB
Sample

241120-alkv6a1kek
MD5

e8a18b46b455212871125295f28dcedb
SHA1

a7155f42dbe76fa85dbe418875668a63d411812c
SHA256

cbe211b861dc2be493adca32c4aee58497cfff1ddc12eaae2674d29f5c17cd05
SHA512

ff551cc8a61dd89415d3a276c4801f146825fecd00ef5a1c92a8d8962c09e68dc8a0237ea15d5a14d26c5a6cf86981484c5ce3e812e922a769059999319eea16
SSDEEP

3072:iy2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBU4gmGhhjn98:iy2k44tGiL3HJk9AGD7b4gm6hjny

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://hanserefelektrik.com/wp-content/o0zEZ17669/

exe.dropper

http://governessfilms.com/cgi-bin/gnbw2/

exe.dropper

http://forming-a.com/mysql/0s53/

exe.dropper

http://harbour-springs.webonlinepro.com/cgi-bin/pdviP01/

exe.dropper

http://gomitra.com/aspnet_client/xkwsJj/

Targets

- Target
  
  cbe211b861dc2be493adca32c4aee58497cfff1ddc12eaae2674d29f5c17cd05
- Size
  
  182KB
- MD5
  
  e8a18b46b455212871125295f28dcedb
- SHA1
  
  a7155f42dbe76fa85dbe418875668a63d411812c
- SHA256
  
  cbe211b861dc2be493adca32c4aee58497cfff1ddc12eaae2674d29f5c17cd05
- SHA512
  
  ff551cc8a61dd89415d3a276c4801f146825fecd00ef5a1c92a8d8962c09e68dc8a0237ea15d5a14d26c5a6cf86981484c5ce3e812e922a769059999319eea16
- SSDEEP
  
  3072:iy2y/GdyaktGDWLS0HZWD5w8K7Nk9AGD7IBU4gmGhhjn98:iy2k44tGiL3HJk9AGD7b4gm6hjny
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2