General

  • Target

    SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565

  • Size

    99KB

  • Sample

    200630-ecvyhrqh8a

  • MD5

    2a6d6ea570bf94f27a057e2181247e6e

  • SHA1

    602c808c644bd96cbf7f6d4423d22fd1bff8b538

  • SHA256

    4c34d35aa6bfb51235832f2f653d4d95ac18f8050d7b9894a3810492341c5ed2

  • SHA512

    09d9b55720d7f2c7eb959eb9ce202bd479e4786e01796a15e74b14c2ebd73902168635ed88addca126c20114d1c06e2f3a9033735630d50b07dc6e094ffb8c65

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://185.208.211.67/scorp/Queen.sfx.exe

Targets

    • Target

      SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565

    • Size

      99KB

    • MD5

      2a6d6ea570bf94f27a057e2181247e6e

    • SHA1

      602c808c644bd96cbf7f6d4423d22fd1bff8b538

    • SHA256

      4c34d35aa6bfb51235832f2f653d4d95ac18f8050d7b9894a3810492341c5ed2

    • SHA512

      09d9b55720d7f2c7eb959eb9ce202bd479e4786e01796a15e74b14c2ebd73902168635ed88addca126c20114d1c06e2f3a9033735630d50b07dc6e094ffb8c65

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks