7dcdd092a7280c64d8ae7ed5aed8e635190051a63fda39ba0cd27624b73c90d7 | Triage

Sharing

General

Target

wsusoffline1173.zip
Size

6.2MB
Sample

211101-y95ggaaga8
MD5

2fe04b468788d7f28290947547cbcf8b
SHA1

1bbb8018d6c542051e91bbf8e29590b872775006
SHA256

7dcdd092a7280c64d8ae7ed5aed8e635190051a63fda39ba0cd27624b73c90d7
SHA512

86a83c5748c0858169057ddbdb5c1b2265b24bced38a9655dba8535b367f4ba699faf18b9be6f3ad66fb9f3a6e2407aa240a44b43d78e65c35a440666ac7d52c

Score

5^/10

link linux pdf

Malware Config

Targets

- Target
  
  wsusoffline/sh/download-updates.bash
- Size
  
  17KB
- MD5
  
  3b8c61fc36cbcaca05fd03cf7b4ede90
- SHA1
  
  d035584ccf514f33609ebda0e97f3f8d66be5090
- SHA256
  
  711a46d78ffbf1ee2d8a8a082a3a652bbc71009dd8714398527cdc0459585b58
- SHA512
  
  c871bddc75d39e04abc4ca04367730dd8a92d746a9849c09ab2b6bf7cbebd7af2a0f843468816120bfab99a2527ffd7601d4ff6356902940200671058a23b9f6
Score

1^/10
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  wsusoffline/sh/fix-file-permissions.bash
- Size
  
  2KB
- MD5
  
  b746b5f4c2059408199a07ba1cead9c6
- SHA1
  
  ccab7dc6dd748bec8b32cfbdabea30a41d2b6965
- SHA256
  
  97ec0f5ec66f7351471bbd414b185368bd0248a30703929f7ed9590f54a319c7
- SHA512
  
  2ea88bbd1abb0b4d583ee85a017b3453d49f7498788a0b4138b69071b3bdb45ffe2d272db4629805cec512c586129a604f28d62d014dc9b4923bd8cb66d69c40
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  wsusoffline/sh/get-all-updates.bash
- Size
  
  3KB
- MD5
  
  5d4756a830c97aa6dbcf7047d2d6bb49
- SHA1
  
  47fe657aea312b855f232f57211dd9055897a530
- SHA256
  
  542ac660cc44d118983b039b36a352ad188965dab4e017b20dc8c0bd6210805b
- SHA512
  
  75286aa96f3acf322d44b8fe66d5e31269013bc509a428b00b766f61fbd8e94dd2e31321b8dabe10e38a3160131af649a17f2d8abf6becfcf7479a4129ec6be6
Score

1^/10
behavioral9 behavioral10 behavioral11 behavioral12
- Target
  
  wsusoffline/sh/open-support-pages.bash
- Size
  
  4KB
- MD5
  
  99ec9f141cce84acad7b40752ec988c4
- SHA1
  
  2a49276f6993822bcfe7e9ae007f4bb86f3750ad
- SHA256
  
  8d554790eb00c58c38d63ab5856c769050c98a1d652912f260af8cf1b50f0134
- SHA512
  
  c682abe0b1a9b28aad876172bee37af45db59b84595afbbe7d8ef1744843b9c2e3bf5279454c86e9aa7ffe502c3dba94464a89b8faa429211b139f1ef1fa1ec1
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  wsusoffline/sh/rebuild-integrity-database.bash
- Size
  
  9KB
- MD5
  
  32dcf141bcb42321ee9db0fcb50f9a95
- SHA1
  
  e81fe739a40a67ae6d23d7813bbbf8e86957cc51
- SHA256
  
  f32ccf3e6a8ba1645cdee87cd148e2d4567d4fa441f3d22aaa63394515b629d4
- SHA512
  
  ea00f9bd27d2d2a1aaf56d3b6694bfbb85afbd1ca6298e6b77d52be0142d26453069a725142679a6e41a1f9190bfea1e59192f1ca6891943c80ffc3cda6b959d
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  wsusoffline/sh/update-generator.bash
- Size
  
  14KB
- MD5
  
  0620a20ab532e2ebdb274d963183ad6a
- SHA1
  
  4d6edb12007922a233cefb92e16ddfbde88ba0d5
- SHA256
  
  b4f8ff84306280ccc0a6b6ed944f5d3012c55d01d6cb935fed91656f52d349d0
- SHA512
  
  56e9a0e6e34d7a3b7e557ddf2eae79e451828e20ee000dd2d0364a5632d5a5270bb8ca796a273f3b93de5652d7129c51da9cf370832c5b9c9f049bfc4750b57c
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  wsusoffline/xslt/extract-existing-bundle-revision-ids.xsl
- Size
  
  846B
- MD5
  
  a16b9d7ddf91f1e497165179bf4186b0
- SHA1
  
  b945188db6208aad90794cca7362928401a95029
- SHA256
  
  15494eaf028c9a4a01b29ef6331569eb7c72234b03604e412d0a7c9ff4529374
- SHA512
  
  4f6a8124616007dd7448b12b741b082137335ce4205d7ee25fd10c6f547a610054c09cae2512dd753edd130b3973247af21b8857a5beefa20e53c8b78973fc3f
Score

1^/10
behavioral25 behavioral26
- Target
  
  wsusoffline/xslt/extract-superseding-and-superseded-revision-ids.xsl
- Size
  
  951B
- MD5
  
  1ddbedd979bbbdd579a35f38b1af349b
- SHA1
  
  d55bc787be2387d0a0512b6ab50ea32dd49cf783
- SHA256
  
  0d4e6f3c2c1cb3df87034ac8d7092c94c1f425ec1ab1755604a492a751bd61a6
- SHA512
  
  b188e310132521f42234a8e8a8043d457f9271d1436caa78417f4470650e8d5bbbb0da01c6327c48f50663eb8c53f8fe00ddf616942163439134123574e4e07a
Score

1^/10
behavioral27 behavioral28
- Target
  
  wsusoffline/xslt/extract-update-cab-exe-ids-and-locations.xsl
- Size
  
  1019B
- MD5
  
  6bca1c2f6493d825cf8db8c1766a4a30
- SHA1
  
  91010bd01b942acd41ca009ff01712e5658942a1
- SHA256
  
  9109074b6af7c5553453be555edc30207683ea6725a53652eeae587e3c3d9c39
- SHA512
  
  f84cf9cc4fb81163b8df4814c89ee2911bc54f539f4a5b9b7f4ec707d0d9ac7e4ea44e9fb35007b6e25fe9c63a02aba3d4cc50180465aff34387a650e034f15a
Score

1^/10
behavioral29 behavioral30
- Target
  
  wsusoffline/xslt/extract-update-revision-and-file-ids.xsl
- Size
  
  970B
- MD5
  
  b624b2129353822376726f274811b225
- SHA1
  
  b6716645cfaf56e8e5e863a2b408c07c64549402
- SHA256
  
  ca70add140d468034e5139e7b20514e04fede3f6507853d5791f5b4c07987fa6
- SHA512
  
  f1eb463255285b089989475afe2c69e27d81220a1bf294facac9e89eabe67197d823d216feeb1d168fbcf0bf831ba86f75540e74a4509848803afd1b75a7d481
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32