General

  • Target

    3d6efe59037f7b5399b5ca0b40fa9ed242894f5be067473ef67c415fdac3fe08

  • Size

    12KB

  • Sample

    241121-2f5rxstjak

  • MD5

    246f6e341a018a190858461e5d70a3d5

  • SHA1

    ab7fc9fce66be0adab63ba60bced3917af44111c

  • SHA256

    3d6efe59037f7b5399b5ca0b40fa9ed242894f5be067473ef67c415fdac3fe08

  • SHA512

    ad27e2028b5f9c1bce4ae16a868cedf42ca2a76350189eb17d086f76774e84af1b38e6e1fc97ed9b91516822feac6061f2bfbb3697aad8ca7681d53052397d93

  • SSDEEP

    192:fSPwABUTshE2sOcupEZZezsHN3grRwyCawd2lYq0vGiENSqE7n+V63dWiiml:xTsdA2EGcoWat6qQ8JEy6NWc

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://84.252.122.205/xcx/system.exe

Targets

    • Target

      6ffda0323b69bb875a8360bcdd18b398a463d3de88bb11e6511a3b3bffe5b753

    • Size

      14KB

    • MD5

      70820ac2bb527bb0a10747a06d2c2b0b

    • SHA1

      7289b7ddcdcaa9450c27e1579f36d67a544cee80

    • SHA256

      6ffda0323b69bb875a8360bcdd18b398a463d3de88bb11e6511a3b3bffe5b753

    • SHA512

      64be67485be70ac5aa2539a88c9846282d7178e13a46895d4686ff0ce79378bf9ed4ee7bec00cb88abc0e2e8bb41a9b9ef38aa4ff25b4e4dc6334a96ad1ee4b5

    • SSDEEP

      384:A0z+vPw85+pkQ1z7fMc+8Pty4jZwENYBp7zMLmh:p+3ZgkKzDMCXjZwENmdKk

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks