General

  • Target

    b9e1331fc84a32aa302ce9089c2016334801066320409167e3aae342b9663b4e.doc

  • Size

    151KB

  • Sample

    200127-9vzf8ph7dn

  • MD5

    1b3a5ed9bdf80cb9104f4747546c822a

  • SHA1

    1b6966627f269304f8ecb68a584202ec49a27e75

  • SHA256

    b9e1331fc84a32aa302ce9089c2016334801066320409167e3aae342b9663b4e

  • SHA512

    e1c896686d3fce8949c8841eb526be9342d1ab78e08e765c7ce270abda1f45fde8c2073b4e733e1d14b3fb2562b2b3ce7dd787ab33056947f64b0b37859b7d64

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://delhisexclinic.com/zds/jUzItNFoNN/

exe.dropper

https://lelangg.online/uydlcvg/xoZAiAes/

exe.dropper

https://usispf.org/wp-admin/vjWaya/

exe.dropper

https://www.sexylady.space/wp-admin/JM/

exe.dropper

https://www.metropolnet.gr/cgi-bin/eP1hbutDbo/

Targets

    • Target

      b9e1331fc84a32aa302ce9089c2016334801066320409167e3aae342b9663b4e.doc

    Score
    10/10
    • Process spawned unexpected child process

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks