6c7958924ddfc686f4a560ae0883ea8d0e54eab4e577a7559a8fcba08b2c259c | Triage

Sharing

General

Target

6c7958924ddfc686f4a560ae0883ea8d0e54eab4e577a7559a8fcba08b2c259c
Size

183KB
Sample

241120-vekxsszajf
MD5

b7aa98ea14b86ee61b4aab37ee530dbf
SHA1

e6b36857fe11c6bc2a0b36dd22e30c58fa03915e
SHA256

6c7958924ddfc686f4a560ae0883ea8d0e54eab4e577a7559a8fcba08b2c259c
SHA512

7e29bfebc8bdc682ac8d7d8809b2ef5f2c0b02563a89c5d5ba2922f954c64a61e881e1c1eef425a8c35a91b80273377ed5ad15b0becb2f6e270ac1d06e743f23
SSDEEP

3072:Yq2y/GdyLktGDWLS0HZWD5w8K7Nk9SD7IBUjx3T9gOA4ZDyGoHchNQiLZ:Yq2k47tGiL3HJk9SD7bjx3T9gOA4ZDy2

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://candsengg.com/wp-admin/ggn/

exe.dropper

https://evaskincomplex.com/wp-includes/B48dZmZ/

exe.dropper

https://florandina.com/wordpress.bk/lFu77Ma6/

exe.dropper

https://concatstring.com/__MACOSX/ByaZo/

exe.dropper

https://kashifclothhouse.com/wp-admin/3NLIj/

Targets

- Target
  
  6c7958924ddfc686f4a560ae0883ea8d0e54eab4e577a7559a8fcba08b2c259c
- Size
  
  183KB
- MD5
  
  b7aa98ea14b86ee61b4aab37ee530dbf
- SHA1
  
  e6b36857fe11c6bc2a0b36dd22e30c58fa03915e
- SHA256
  
  6c7958924ddfc686f4a560ae0883ea8d0e54eab4e577a7559a8fcba08b2c259c
- SHA512
  
  7e29bfebc8bdc682ac8d7d8809b2ef5f2c0b02563a89c5d5ba2922f954c64a61e881e1c1eef425a8c35a91b80273377ed5ad15b0becb2f6e270ac1d06e743f23
- SSDEEP
  
  3072:Yq2y/GdyLktGDWLS0HZWD5w8K7Nk9SD7IBUjx3T9gOA4ZDyGoHchNQiLZ:Yq2k47tGiL3HJk9SD7bjx3T9gOA4ZDy2
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2