General

  • Target

    8af776814a778a3cb932ff2ae370d1d02fc47c3959c243e170bb08c44ac9f089

  • Size

    142KB

  • Sample

    241120-z2733atldv

  • MD5

    d59046687deee1a8dc90e674f2db7388

  • SHA1

    675e0207e4d5973f5d67fd712b81c8299ca7f30e

  • SHA256

    8af776814a778a3cb932ff2ae370d1d02fc47c3959c243e170bb08c44ac9f089

  • SHA512

    14c0db04c72a51cf157159f156626f3ba40f0f63073a8a4292fb4d2e7f5d096343c52a93e07c3952f14f101972ca2b3775489bd1d103eb9424b2e03566459b0c

  • SSDEEP

    3072:F7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI4Gx8:hcKoSsxzNDZLDZjlbR868O8K0c03D38J

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://rkeeperua.com/include/FXBsVAOd1U/

exe.dropper

http://pozhadvokat.com/images/QmZXA9kRUU8xZZF/

exe.dropper

http://queens.renovatiog.ltd/wp-includes/LDH/

exe.dropper

http://renovatiomarketing.com/renovatiomarketing.com/A/

exe.dropper

http://remedy.eventmasti.com/vendor/Y2XclYoCdDzSSua/

exe.dropper

http://ppdbsma.insanrabbany.sch.id/gkvvb/sXVYo8HsPSFQh/

exe.dropper

http://pinnaclehomesusa.net/870xg9/pNp3a1iHCKaZwYEV/

exe.dropper

http://dandtpremierhomes.com/eapn/lpN6dcAppn/

exe.dropper

http://keluargamalaysia.bliblah.com/cgi-bin/FUzc3KOKN3DNeee/

exe.dropper

http://crisbdev.com/wp-content/2dmXYgLVdkV/

Targets

    • Target

      8af776814a778a3cb932ff2ae370d1d02fc47c3959c243e170bb08c44ac9f089

    • Size

      142KB

    • MD5

      d59046687deee1a8dc90e674f2db7388

    • SHA1

      675e0207e4d5973f5d67fd712b81c8299ca7f30e

    • SHA256

      8af776814a778a3cb932ff2ae370d1d02fc47c3959c243e170bb08c44ac9f089

    • SHA512

      14c0db04c72a51cf157159f156626f3ba40f0f63073a8a4292fb4d2e7f5d096343c52a93e07c3952f14f101972ca2b3775489bd1d103eb9424b2e03566459b0c

    • SSDEEP

      3072:F7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI4Gx8:hcKoSsxzNDZLDZjlbR868O8K0c03D38J

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks