9681c0c07bdd630a1953d61e383038b057986a7a05c3f5f0f5d8370f3acd4515 | Triage

Sharing

General

Target

WyChVIlbg.zip
Size

76KB
Sample

241129-n55assypbj
MD5

5dca4a22385de244c7accc88282b9987
SHA1

7c8490e16d245ac7936d02bb5b5bd99f9077b362
SHA256

9681c0c07bdd630a1953d61e383038b057986a7a05c3f5f0f5d8370f3acd4515
SHA512

84c8ec4f8a843b5ab454148354522434096e1139e676d01f58bfcde290d7eefca000f84b1238d5de02967867254a22762c9c5f7f4a2c5548fb6e29e487ef5231
SSDEEP

1536:H6zQ03WEgJmSUOEmFc1porvFffmzQ03WEgJmSUOEmFc1porvFfN2W1:pWvgJhDqHoDWvgJhDqHoyy

Score

10^/10

discovery dropper execution

Malware Config

Targets

- Target
  
  WyChVIlbg/UaqyTpZb.ps1
- Size
  
  2KB
- MD5
  
  8540f5e40048f2e57fb5e2df66dbfe87
- SHA1
  
  eb038fd0f3e8bf11fdd16935de73ccf41d0331fd
- SHA256
  
  7005d74259760c7cc54a73e1c52cd8f7ff4aa641dac00fba952bc11d6557aae5
- SHA512
  
  b9555215dee32445c78a8138c885a5bb496dbd88d5d6f3037b9c427444fecb1cee0c5a2e3a23911f20ad2270f4e637725fbfae6cd19de5f8116924b817eba754
Score

10^/10

dropper execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Download via BitsAdmin
  dropper
behavioral1 behavioral2
- Target
  
  WyChVIlbg/UaqyTpZb.rock
- Size
  
  928B
- MD5
  
  31069b8dae8fdaa5110052b81a6915dd
- SHA1
  
  55bb45b6c77e70737bc0b074a48c9a17abefa0d8
- SHA256
  
  fb76e16be918502d2483b131282e7604ae1d0883f6765abac83fcef6a8d4d0a9
- SHA512
  
  984454789d87a4898461762ea6f251a03322ce4132939098340f770512c1782d6dfde19b4cf9291b396ba91c67bbbf23a0de0d1ca0daefecdc919d1a11554b8c
Score

1^/10
behavioral3 behavioral4
- Target
  
  WyChVIlbg/main.sh
- Size
  
  196KB
- MD5
  
  d4f06b258da41c8260fe07e2bc280953
- SHA1
  
  046a98fa4b8e4b44914884c1525c2c787c98cfa4
- SHA256
  
  b89c2c4c38917239929a94d79f86076f61dde3029fb514fdc7944d7b0114a455
- SHA512
  
  3bc6231d0d5aebad5f3dc45ff6c9b9391ebab51ea004acadd4b9cea96fab91a2274a04d65ca76c431048303cb2405178fcfb989db7bbac95a10ccbf42c4ce660
- SSDEEP
  
  1536:WpiXzghbEZcJJK8V2i7S/Rn8B5mYlnsoZFWrJ+m6n8tBZO57w2kpm7grh7wJQeRN:Q
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  WyChVIlbg/sleep.sh
- Size
  
  1KB
- MD5
  
  fe79901a44807126a2b1dae9e340119a
- SHA1
  
  94c36ede7d636b453a9f82639915e58040ff6991
- SHA256
  
  7e45dbdfd8c250a7e5a62a222d0941d2e08723d6491e5566c14fc08f9ff9b393
- SHA512
  
  c8727b1116c4ac950b614df4fa6d634353aba5695cd4dff8c2c3b77e5e70070bfd015f43c5e5740903691f800aef635b5d50f85ccc1f942a7407280238c91f0f
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  WyChVIlbg/UaqyTpZb.ps1
- Size
  
  2KB
- MD5
  
  8540f5e40048f2e57fb5e2df66dbfe87
- SHA1
  
  eb038fd0f3e8bf11fdd16935de73ccf41d0331fd
- SHA256
  
  7005d74259760c7cc54a73e1c52cd8f7ff4aa641dac00fba952bc11d6557aae5
- SHA512
  
  b9555215dee32445c78a8138c885a5bb496dbd88d5d6f3037b9c427444fecb1cee0c5a2e3a23911f20ad2270f4e637725fbfae6cd19de5f8116924b817eba754
Score

10^/10

dropper execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Download via BitsAdmin
  dropper
behavioral10 behavioral9
- Target
  
  WyChVIlbg/UaqyTpZb.rock
- Size
  
  928B
- MD5
  
  31069b8dae8fdaa5110052b81a6915dd
- SHA1
  
  55bb45b6c77e70737bc0b074a48c9a17abefa0d8
- SHA256
  
  fb76e16be918502d2483b131282e7604ae1d0883f6765abac83fcef6a8d4d0a9
- SHA512
  
  984454789d87a4898461762ea6f251a03322ce4132939098340f770512c1782d6dfde19b4cf9291b396ba91c67bbbf23a0de0d1ca0daefecdc919d1a11554b8c
Score

1^/10
behavioral11 behavioral12
- Target
  
  WyChVIlbg/main.sh
- Size
  
  196KB
- MD5
  
  d4f06b258da41c8260fe07e2bc280953
- SHA1
  
  046a98fa4b8e4b44914884c1525c2c787c98cfa4
- SHA256
  
  b89c2c4c38917239929a94d79f86076f61dde3029fb514fdc7944d7b0114a455
- SHA512
  
  3bc6231d0d5aebad5f3dc45ff6c9b9391ebab51ea004acadd4b9cea96fab91a2274a04d65ca76c431048303cb2405178fcfb989db7bbac95a10ccbf42c4ce660
- SSDEEP
  
  1536:WpiXzghbEZcJJK8V2i7S/Rn8B5mYlnsoZFWrJ+m6n8tBZO57w2kpm7grh7wJQeRN:Q
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  WyChVIlbg/sleep.sh
- Size
  
  1KB
- MD5
  
  fe79901a44807126a2b1dae9e340119a
- SHA1
  
  94c36ede7d636b453a9f82639915e58040ff6991
- SHA256
  
  7e45dbdfd8c250a7e5a62a222d0941d2e08723d6491e5566c14fc08f9ff9b393
- SHA512
  
  c8727b1116c4ac950b614df4fa6d634353aba5695cd4dff8c2c3b77e5e70070bfd015f43c5e5740903691f800aef635b5d50f85ccc1f942a7407280238c91f0f
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dropperexecution

behavioral2

dropperexecution

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

dropperexecution

behavioral10

dropperexecution

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16