General

  • Target

    60a4c5a432b4e519acb03b05a8d0ca5ca96f5b0213ec9cc89d66b61ffdbe0edd

  • Size

    230KB

  • Sample

    241120-zwlb4ssgqd

  • MD5

    2d097104f900cea49dba01d01eb75388

  • SHA1

    7e7a7c380172d93f487539ccb277d838ac2950c7

  • SHA256

    60a4c5a432b4e519acb03b05a8d0ca5ca96f5b0213ec9cc89d66b61ffdbe0edd

  • SHA512

    639c665fbf18bc5bcacc4e6eee5c99e220aeb96fa35239c19410e3c10cb426c8a41a35d45fda6038b0be42ffb8d3afea19fd5ccb01625a93d1b86d972162297f

  • SSDEEP

    6144:yg2k4itGiL3HJk9ND7b4hG4ux6N5WHWDJb:ygjQitkD7b4lq12

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://moisesdavid.com/qoong/vy/

    http://insurancebabu.com/wp-admin/iXElcu9f/

    http://rishi99.com/framework.impossible/dhADGeie6/

    https://www.alertpage.net/confirmation/2nX/

    https://anttarc.org/chartaxd/DMBuiwf5u/

Targets

    • Target

      60a4c5a432b4e519acb03b05a8d0ca5ca96f5b0213ec9cc89d66b61ffdbe0edd

    • Size

      230KB

    • MD5

      2d097104f900cea49dba01d01eb75388

    • SHA1

      7e7a7c380172d93f487539ccb277d838ac2950c7

    • SHA256

      60a4c5a432b4e519acb03b05a8d0ca5ca96f5b0213ec9cc89d66b61ffdbe0edd

    • SHA512

      639c665fbf18bc5bcacc4e6eee5c99e220aeb96fa35239c19410e3c10cb426c8a41a35d45fda6038b0be42ffb8d3afea19fd5ccb01625a93d1b86d972162297f

    • SSDEEP

      6144:yg2k4itGiL3HJk9ND7b4hG4ux6N5WHWDJb:ygjQitkD7b4lq12

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks