General

  • Target

    SecuriteInfo.com.W97M.DownLoader.4727.22448.7074

  • Size

    170KB

  • Sample

    200801-t67adfhrc2

  • MD5

    d5283fbb4f9a30d1ea6f871267562afc

  • SHA1

    3c4a1a7ae19cd5d388656bb7dd594e35f652c8aa

  • SHA256

    a99c6b6304c5b6fc4a5501c4ba37eb205576e2168b3058870bf6e18282856657

  • SHA512

    8a94aa0ab36be6dc4b7a1fc9dab86d9616eda9875cab2c6e09cf3bf2af86e492fb93325dcb0f7e5a41494b8c530d2bb88847803fa90ba1fbc7fa1e1ccb76c45f

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper  http://johnsonlam.com/images/KO2l8V/
    exe.dropper  http://jolapa.com/bobby/ll5P/
    exe.dropper  http://joeljustice.com/images/OM4AD/
    exe.dropper  http://joshuasjewelry.com/feed/JF5x9530/
    exe.dropper  http://jothay.com/ClientBin/dyMrK85523/

Targets

    • Target

      SecuriteInfo.com.W97M.DownLoader.4727.22448.7074

    • Size

      170KB

    • MD5

      d5283fbb4f9a30d1ea6f871267562afc

    • SHA1

      3c4a1a7ae19cd5d388656bb7dd594e35f652c8aa

    • SHA256

      a99c6b6304c5b6fc4a5501c4ba37eb205576e2168b3058870bf6e18282856657

    • SHA512

      8a94aa0ab36be6dc4b7a1fc9dab86d9616eda9875cab2c6e09cf3bf2af86e492fb93325dcb0f7e5a41494b8c530d2bb88847803fa90ba1fbc7fa1e1ccb76c45f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised, for example through an exploit or a malicious document macro (the W97M classification of this sample points to the latter): the document viewer is made to launch an interpreter it would never start on its own.

    • Blacklisted process makes network request

    • Drops file in System32 directory
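The two behavioural signatures above, an Office parent spawning a script host and that child then making network requests, are what a detection engineer would want to reproduce from endpoint telemetry. The following is an added example, not the sandbox's own rule logic: it flags Office-spawned script hosts in Sysmon-style process-create records and ties each flagged child to its network connections. The log records are constructed to resemble Sysmon Event ID 1 and Event ID 3 serialised as JSON lines; the destination hostnames reuse two of the dropper domains listed in the extracted config, and every PID, path and command line is invented for illustration.

```python
"""Detect an Office application spawning a script host, then attribute the
child's network connections to it. Added example; the telemetry below is
constructed to resemble Sysmon Event ID 1 (process create) and Event ID 3
(network connect) records in JSON-lines form, not output from this report."""
import json
import ntpath
from dataclasses import dataclass

# Document viewers that have no business launching an interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Script hosts and LOLBins a macro dropper typically hands off to.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str
    parent_pid: int
    parent_image: str
    command_line: str


@dataclass(frozen=True)
class NetworkEvent:
    pid: int
    image: str
    dest_host: str


def image_name(path: str) -> str:
    """Reduce a full Windows path to a lower-case file name so that
    'C:\\...\\WINWORD.EXE' and 'winword.exe' compare equal."""
    return ntpath.basename(path).lower()


def load_process_events(jsonl: str) -> list[ProcessEvent]:
    """Parse Event ID 1 records; other event types are skipped."""
    out = []
    for line in jsonl.strip().splitlines():
        rec = json.loads(line)
        if rec.get("EventID") != 1:
            continue
        out.append(ProcessEvent(int(rec["ProcessId"]), rec["Image"],
                                int(rec["ParentProcessId"]), rec["ParentImage"],
                                rec.get("CommandLine", "")))
    return out


def load_network_events(jsonl: str) -> list[NetworkEvent]:
    """Parse Event ID 3 records; other event types are skipped."""
    out = []
    for line in jsonl.strip().splitlines():
        rec = json.loads(line)
        if rec.get("EventID") != 3:
            continue
        out.append(NetworkEvent(int(rec["ProcessId"]), rec["Image"],
                                rec["DestinationHostname"]))
    return out


def suspicious_children(events: list[ProcessEvent]) -> list[ProcessEvent]:
    """Process-create events where an Office parent spawned a script host."""
    return [e for e in events
            if image_name(e.parent_image) in OFFICE_PARENTS
            and image_name(e.image) in SCRIPT_HOSTS]


def correlate_network(children, net_events) -> dict[int, list[str]]:
    """Map each flagged child PID to the hosts it connected to. Matching on
    (PID, image) rather than PID alone stops a recycled PID that now belongs
    to a different binary from being attributed to the child."""
    wanted = {(c.pid, image_name(c.image)) for c in children}
    hits: dict[int, list[str]] = {}
    for n in net_events:
        if (n.pid, image_name(n.image)) in wanted:
            hits.setdefault(n.pid, []).append(n.dest_host)
    return hits


# Constructed sample telemetry (invented, not from the report). PID 5212 is the
# macro-spawned PowerShell; PID 6001 is a user-launched PowerShell under
# explorer.exe; the last record reuses PID 5212 for chrome.exe to exercise the
# recycled-PID case.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "ParentProcessId": 1404, "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE /n invoice.doc"}
{"EventID": 1, "ProcessId": 5212, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentProcessId": 4120, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "powershell -NoProfile -WindowStyle Hidden -EncodedCommand REDACTED"}
{"EventID": 1, "ProcessId": 5300, "Image": "C:\\Windows\\splwow64.exe", "ParentProcessId": 4120, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "C:\\Windows\\splwow64.exe 12288"}
{"EventID": 1, "ProcessId": 6001, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentProcessId": 1404, "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe"}
{"EventID": 3, "ProcessId": 5212, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "johnsonlam.com", "DestinationPort": 80}
{"EventID": 3, "ProcessId": 5212, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "jolapa.com", "DestinationPort": 80}
{"EventID": 3, "ProcessId": 6001, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "example.org", "DestinationPort": 443}
{"EventID": 3, "ProcessId": 5212, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "example.com", "DestinationPort": 443}
"""


def analyse(jsonl: str = SAMPLE_LOG) -> dict[int, list[str]]:
    """Run both stages over one JSON-lines feed and return child PID -> hosts."""
    children = suspicious_children(load_process_events(jsonl))
    return correlate_network(children, load_network_events(jsonl))


if __name__ == "__main__":
    for pid, hosts in analyse().items():
        print(f"Office-spawned script host pid={pid} contacted {', '.join(hosts)}")
```

Only the PowerShell under WINWORD.EXE is flagged; the print helper splwow64.exe under Word and the PowerShell a user started from explorer.exe are not, and the chrome.exe connection that shares the recycled PID 5212 is not attributed to the flagged child because the correlation keys on PID plus image name.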

MITRE ATT&CK Matrix ATT&CK v6

Discovery

    • Query Registry (2)
      T1012

    • System Information Discovery (2)
      T1082

Tasks