General

  • Target

    74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc

  • Size

    177KB

  • Sample

    241120-yxr1lstakl

  • MD5

    6d801d954271f11111d92b722ecf451d

  • SHA1

    35c3e6ae44e5b268fd5a8aa4f86339b46781261d

  • SHA256

    74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc

  • SHA512

    85dbe6b556052333c94446575d6e5108e05bfd32d8750d455973d8336cf518de886661a6e46726cedb7cb22569bf7c25aaa05e095da4027ae302c730d0792663

  • SSDEEP

    3072:y72y/GdynktGDWLS0HZWD5w8K7Nk96D7IBU6ZB0zstySfNllXe:y72k43tGiL3HJk96D7bs0z0rllX

Malware Config

Extracted

  • Language

    ps1 (PowerShell)

  • Deobfuscated URLs

    Every URL below is of type exe.dropper, i.e. a location the decoded script names as the source of a dropped executable. Handle them as indicators (host and path); do not browse to them.

    exe.dropper  http://www.yadegarebastan.com/wp-content/mhear/
    exe.dropper  http://bikerzonebd.com/wp-admin/89gw/
    exe.dropper  http://shptoys.com/_old/bvGej/
    exe.dropper  http://www.vestalicom.com/facturation/qgm0t/
    exe.dropper  http://www.aliounendiaye.com/wp-content/f3hs6j/
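
Turning the five exe.dropper URLs above into usable indicators, as an added example in Python (not part of the sandbox report): the block pairs each type label with the URL that follows it, defangs the URLs for reporting, and checks constructed proxy-log lines against the dropper hosts, reporting separately whether the exact dropper path was requested. The log-line layout, the function names and the sample log entries are assumptions made for this example.

```python
"""Indicator handling for the exe.dropper URLs extracted from the PowerShell stage.
Added example; the log format and function names are assumptions, not sandbox behaviour."""
import re
from urllib.parse import urlparse

# The "Deobfuscated URLs" block from the report, copied verbatim (type label, then URL).
EXTRACTED_CONFIG = """
exe.dropper
http://www.yadegarebastan.com/wp-content/mhear/
exe.dropper
http://bikerzonebd.com/wp-admin/89gw/
exe.dropper
http://shptoys.com/_old/bvGej/
exe.dropper
http://www.vestalicom.com/facturation/qgm0t/
exe.dropper
http://www.aliounendiaye.com/wp-content/f3hs6j/
"""

# Constructed proxy log lines for the demonstration: timestamp, client, method, URL, status, bytes.
SAMPLE_PROXY_LOG = [
    "2024-11-20T09:14:02Z 10.0.0.12 GET http://www.yadegarebastan.com/wp-content/mhear/ 200 181234",
    "2024-11-20T09:14:05Z 10.0.0.12 GET https://www.microsoft.com/ 200 4012",
    "2024-11-20T09:15:11Z 10.0.0.30 GET http://shptoys.com/wp-login.php 200 2201",
]


def parse_config(text):
    """Pair every type label (e.g. 'exe.dropper') with the URL that follows it."""
    iocs, label = [], "unknown"
    for tok in (t.strip() for t in text.splitlines()):
        if not tok:
            continue
        if tok.lower().startswith(("http://", "https://")):
            u = urlparse(tok)
            iocs.append({"type": label, "url": tok,
                         "host": (u.hostname or "").lower(), "path": u.path})
        else:
            label = tok
    return iocs


def defang(url):
    """hxxp://host[.]tld/... form, so the indicator cannot be clicked from a ticket or e-mail."""
    return re.sub(r"^http", "hxxp", url, flags=re.I).replace(".", "[.]")


def match_proxy_log(lines, iocs):
    """Flag log lines whose destination host is one of the dropper hosts.

    Matching on host (with the path checked separately) also catches traffic to the
    same compromised site under another path, which a full-URL match would miss."""
    by_host = {i["host"]: i for i in iocs}
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r"https?://\S+", line)
        if not m:
            continue
        u = urlparse(m.group(0))
        ioc = by_host.get((u.hostname or "").lower())
        if ioc:
            hits.append({"line": n, "host": ioc["host"],
                         "path_match": u.path.startswith(ioc["path"]),
                         "indicator": defang(ioc["url"])})
    return hits


if __name__ == "__main__":
    iocs = parse_config(EXTRACTED_CONFIG)
    for i in iocs:
        print(i["type"], defang(i["url"]))
    for h in match_proxy_log(SAMPLE_PROXY_LOG, iocs):
        print(h)
```

The host-level match is deliberately broader than the extracted URLs: these are compromised WordPress-style sites, so a host hit with `path_match` false still deserves a look, while a hit with `path_match` true is the dropper path itself.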

Targets

    • Target

      74ffc7a97a4840221c7e8c3892ff054a087db1bd136beffa5848846a3caa3fcc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory
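
The first and third signatures above describe behaviour that can be checked from process-creation telemetry. What follows is an added Python example, not the sandbox's own signature logic: it runs two loose rules over constructed Sysmon-style process-creation records, one for an Office parent spawning a script host and one for powershell.exe launched with a hidden window (any unambiguous prefix of -WindowStyle Hidden, which powershell.exe accepts) or an encoded command. The field names, the parent and child image lists and the sample records are assumptions made for the example; the base64 blob is a placeholder that decodes to a run of "A" characters.

```python
"""Detection over process-creation events for the behaviours flagged in the report.
Added example with constructed records; field names and image lists are assumptions."""
import os
import re

# Document handlers that have no business spawning a script interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children whose appearance under those parents is the "unexpected child" signature.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}

# powershell.exe resolves any unambiguous prefix of a switch, so -w hidden, -win hid and
# -WindowStyle Hidden are equivalent: -w is a prefix only of -WindowStyle, and h only of
# Hidden among the WindowStyle values, so a prefix match is exact here.
HIDDEN_WINDOW_RE = re.compile(r"(?i)(?:^|\s)-w[a-z]*\s+h[a-z]*(?=\s|$)")
# -e, -ec, -enc, -EncodedCommand followed by a base64 blob; -ex... (-ExecutionPolicy) is excluded.
ENCODED_CMD_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+[A-Za-z0-9+/=]{16,}")

# Constructed Sysmon-style records, not sandbox output.
SAMPLE_EVENTS = [
    {"pid": 1234, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": '"WINWORD.EXE" /n invoice.docm'},
    {"pid": 1300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "powershell -w hidden -nop -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEA"},
    {"pid": 2000, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
    {"pid": 2100, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": "cmd /c echo hi"},
]


def image_name(path):
    """Lower-cased file name of a Windows image path, usable on any host OS."""
    return os.path.basename(path.replace("\\", "/")).lower()


def analyze(events):
    """Return (rule, pid) findings, in event order, for the two report signatures."""
    findings = []
    for ev in events:
        child, parent = image_name(ev["image"]), image_name(ev["parent_image"])
        cmd = ev.get("command_line", "")
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            findings.append(("Process spawned unexpected child process", ev["pid"]))
        if child in {"powershell.exe", "pwsh.exe"}:
            if HIDDEN_WINDOW_RE.search(cmd):
                findings.append(("PowerShell run with hidden display window", ev["pid"]))
            if ENCODED_CMD_RE.search(cmd):
                findings.append(("PowerShell encoded command", ev["pid"]))
    return findings


if __name__ == "__main__":
    for rule, pid in analyze(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

The parent/child rule fires on the Word-spawned cmd.exe as well as on the PowerShell process, which is the point of the first signature: the parent is the tell, regardless of which interpreter was chosen. The hidden-window and encoded-command rules are independent, so an encoded command launched from a visible window is still reported.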

MITRE ATT&CK Enterprise v15
