e15a30747a6b21794d76525b32ee3c32521bb917839ae3b2519f4e174cfe107f | Triage

Sharing

General

Target

e27318b5d518aedb83accec2767fa87d
Size

326KB
Sample

210721-gg5d2pp84e
MD5

e27318b5d518aedb83accec2767fa87d
SHA1

b66e7afa9b5c6bf8fa0634f0490b25c5cfd9d20e
SHA256

e15a30747a6b21794d76525b32ee3c32521bb917839ae3b2519f4e174cfe107f
SHA512

90c0bc18234036b9e802bf2aefdff646e866ad4313f8d9b063c7a5c9d4b4031f4824e5d535964295411216b12e6efc169ffc11ebaa7cdcb97d181a66fc57cbaa

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/862345240970264589/867428387840983060/langwige.txt

Targets

- Target
  
  e27318b5d518aedb83accec2767fa87d
- Size
  
  326KB
- MD5
  
  e27318b5d518aedb83accec2767fa87d
- SHA1
  
  b66e7afa9b5c6bf8fa0634f0490b25c5cfd9d20e
- SHA256
  
  e15a30747a6b21794d76525b32ee3c32521bb917839ae3b2519f4e174cfe107f
- SHA512
  
  90c0bc18234036b9e802bf2aefdff646e866ad4313f8d9b063c7a5c9d4b4031f4824e5d535964295411216b12e6efc169ffc11ebaa7cdcb97d181a66fc57cbaa
Score

10^/10
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2