df24b2f5c2ce4cd248c1c714bfc244d420f17a5e8805b21d3ef841fc2d23ab3a | Triage

Sharing

General

Target

df24b2f5c2ce4cd248c1c714bfc244d420f17a5e8805b21d3ef841fc2d23ab3a
Size

181KB
Sample

241120-qxzrfsxngs
MD5

d3a699a3e0b8a6f018baa385778af960
SHA1

4fdaf35219d07734e12bc3e6198d40e5690c4a6f
SHA256

df24b2f5c2ce4cd248c1c714bfc244d420f17a5e8805b21d3ef841fc2d23ab3a
SHA512

d57541a2016a4f830bab873163c381f022535391eaf6f12e46fc4d691da02a17d1b3e18f1b0efb638a9a77b1dde63601abd087972354a5b20b9fbbc03f6c13f8
SSDEEP

3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7n:9NO2k4PF7tGiL3HJk9rD7bdasiv86T

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  df24b2f5c2ce4cd248c1c714bfc244d420f17a5e8805b21d3ef841fc2d23ab3a
- Size
  
  181KB
- MD5
  
  d3a699a3e0b8a6f018baa385778af960
- SHA1
  
  4fdaf35219d07734e12bc3e6198d40e5690c4a6f
- SHA256
  
  df24b2f5c2ce4cd248c1c714bfc244d420f17a5e8805b21d3ef841fc2d23ab3a
- SHA512
  
  d57541a2016a4f830bab873163c381f022535391eaf6f12e46fc4d691da02a17d1b3e18f1b0efb638a9a77b1dde63601abd087972354a5b20b9fbbc03f6c13f8
- SSDEEP
  
  3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7n:9NO2k4PF7tGiL3HJk9rD7bdasiv86T
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2