General

  • Target

    fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f

  • Size

    62KB

  • Sample

    241122-csl3xaykgl

  • MD5

    8cf2a878780f9f16e7dd5ce997ee9a97

  • SHA1

    0f5c26827acc179f7619b847a21de4e63b7bddce

  • SHA256

    fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f

  • SHA512

    e0ba84a3667ee46a042b167a624dcf3c14c2de28cba94dcba1afb6f035c6b52eddeec26a02fff4e2b4ef1ed9fea330169a302d979b7563c37db7903354e1b13d

  • SSDEEP

    768:8ooSooooUatoXoooonooqoooUoooooIooUpJcaUitGAlmrJpmxlzC+w99NBD3y6L:QptJlmrJpmxlRw99NB7yZhERepNiqwC

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://tomas.datanom.fi/testlab/w0qi46LyvZ

exe.dropper

http://www.plasdo.com/MNXfUEtpo

exe.dropper

http://vinastone.com/m3qQf5sLVY

exe.dropper

http://vaarbewijzer.nl/D50JpVAsc0

exe.dropper

http://ruforum.uonbi.ac.ke/wp-content/uploads/afZG2WrC

Targets

    • Target

      fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f

    • Size

      62KB

    • MD5

      8cf2a878780f9f16e7dd5ce997ee9a97

    • SHA1

      0f5c26827acc179f7619b847a21de4e63b7bddce

    • SHA256

      fd15363835636b0455cd31ed7860dfbc3d06b14cc172e02d68afd26f3962a10f

    • SHA512

      e0ba84a3667ee46a042b167a624dcf3c14c2de28cba94dcba1afb6f035c6b52eddeec26a02fff4e2b4ef1ed9fea330169a302d979b7563c37db7903354e1b13d

    • SSDEEP

      768:8ooSooooUatoXoooonooqoooUoooooIooUpJcaUitGAlmrJpmxlzC+w99NBD3y6L:QptJlmrJpmxlRw99NB7yZhERepNiqwC

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks