36c9a50587eb2b745715265ea02f3c68374a490bf7575b639f546336e68cc78b | Triage

Sharing

General

Target

36c9a50587eb2b745715265ea02f3c68374a490bf7575b639f546336e68cc78b
Size

184KB
Sample

241120-z26j8sthkn
MD5

4a300be3cbaffa2f5086efdcf7cb5248
SHA1

187ec6c5af555513043136b3df4eb6dcc7fbcfa9
SHA256

36c9a50587eb2b745715265ea02f3c68374a490bf7575b639f546336e68cc78b
SHA512

c81fc78ed64c4270f4a64ffe4162e724059344160293cf5a8b109a2bd10eaaa84444c52e7c9b6ce18ea087a5ca5c18f0ea7a1a77988249be6359617f66c14a2c
SSDEEP

3072:2C2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUfoUH9CBjBoax5waA1NWBM0z7:2C2k4TtGiL3HJk9aD7bfoUH9CBjBoaxl

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://gobabynames.com/dz6r/xytx7/

exe.dropper

http://nhomkinhthienbinh.com/cgi-bin/yW/

exe.dropper

http://capitalcitycarwash.com/komldk65kd/7tz/

exe.dropper

http://compscischool.com/wp-content/8a1n/

exe.dropper

http://gianphoisonghong.com/wp-includes/AUWxwq1V2s/

Targets

- Target
  
  36c9a50587eb2b745715265ea02f3c68374a490bf7575b639f546336e68cc78b
- Size
  
  184KB
- MD5
  
  4a300be3cbaffa2f5086efdcf7cb5248
- SHA1
  
  187ec6c5af555513043136b3df4eb6dcc7fbcfa9
- SHA256
  
  36c9a50587eb2b745715265ea02f3c68374a490bf7575b639f546336e68cc78b
- SHA512
  
  c81fc78ed64c4270f4a64ffe4162e724059344160293cf5a8b109a2bd10eaaa84444c52e7c9b6ce18ea087a5ca5c18f0ea7a1a77988249be6359617f66c14a2c
- SSDEEP
  
  3072:2C2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUfoUH9CBjBoax5waA1NWBM0z7:2C2k4TtGiL3HJk9aD7bfoUH9CBjBoaxl
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2