6d66dc25fb069a43ca04adf00eece16f55d791b5cd44bb236937472f80f8f731 | Triage

Sharing

General

Target

6d66dc25fb069a43ca04adf00eece16f55d791b5cd44bb236937472f80f8f731
Size

184KB
Sample

241121-aqfr1awqcy
MD5

7eb6d8d961091ae592e051d5e424638e
SHA1

88921697521edca2a7252fed4e24f5acfbc82e21
SHA256

6d66dc25fb069a43ca04adf00eece16f55d791b5cd44bb236937472f80f8f731
SHA512

fa5abd3b805ccb926a6e4cdaaa3d6f65cb15e4dd9905ca80039b7b063631a80080ae9eaeba147a8698124986881d51f49860cf7b21229efffbc121e746ee3d7c
SSDEEP

3072:R+2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUeoUH9CBjBoax5waA1NWBM0zR:R+2k4TtGiL3HJk9aD7beoUH9CBjBoaxP

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://gobabynames.com/dz6r/xytx7/

exe.dropper

http://nhomkinhthienbinh.com/cgi-bin/yW/

exe.dropper

http://capitalcitycarwash.com/komldk65kd/7tz/

exe.dropper

http://compscischool.com/wp-content/8a1n/

exe.dropper

http://gianphoisonghong.com/wp-includes/AUWxwq1V2s/

Targets

- Target
  
  6d66dc25fb069a43ca04adf00eece16f55d791b5cd44bb236937472f80f8f731
- Size
  
  184KB
- MD5
  
  7eb6d8d961091ae592e051d5e424638e
- SHA1
  
  88921697521edca2a7252fed4e24f5acfbc82e21
- SHA256
  
  6d66dc25fb069a43ca04adf00eece16f55d791b5cd44bb236937472f80f8f731
- SHA512
  
  fa5abd3b805ccb926a6e4cdaaa3d6f65cb15e4dd9905ca80039b7b063631a80080ae9eaeba147a8698124986881d51f49860cf7b21229efffbc121e746ee3d7c
- SSDEEP
  
  3072:R+2y/GdyrktGDWLS0HZWD5w8K7Nk9aD7IBUeoUH9CBjBoax5waA1NWBM0zR:R+2k4TtGiL3HJk9aD7beoUH9CBjBoaxP
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2