Overview

overview

8

Static

static

PS.ps1

windows7_x64

8

PS.ps1

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PS.ps1

  • Size

    490B

  • Sample

    210504-v1wpxgn39j

  • MD5

    a09dc5b1b69075b7b82d656cc0766e30

  • SHA1

    a3a060e7ab02cecfdd115ab415da947146e37193

  • SHA256

    0ab6b8351024ac1bd5a7852563a5039135e32c68b528e5d1061722f5d3650999

  • SHA512

    49dc33d8b67ab387fe2859325cfc47b77f62ba745ca91b0104f23ca3162c4071d3c85e04c119a09cc0ca31a30545a81b1e8ae173f4ccfba5bf4af45ada4d68df

Score
8/10

Malware Config

Targets

    • Target

      PS.ps1

    • Size

      490B

    • MD5

      a09dc5b1b69075b7b82d656cc0766e30

    • SHA1

      a3a060e7ab02cecfdd115ab415da947146e37193

    • SHA256

      0ab6b8351024ac1bd5a7852563a5039135e32c68b528e5d1061722f5d3650999

    • SHA512

      49dc33d8b67ab387fe2859325cfc47b77f62ba745ca91b0104f23ca3162c4071d3c85e04c119a09cc0ca31a30545a81b1e8ae173f4ccfba5bf4af45ada4d68df

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks