2b4fb8da8c7c191418e66e8630c9269a3d090d908e17b1daa16fcf9e9566502e | Triage

Sharing

General

Target

2b4fb8da8c7c191418e66e8630c9269a3d090d908e17b1daa16fcf9e9566502e
Size

5KB
Sample

220131-wyc7qsahfm
MD5

ef7173b03c9e2d414d8799a1b5753b13
SHA1

508cea62f4eaeb919abec7875c96760877c3e65a
SHA256

2b4fb8da8c7c191418e66e8630c9269a3d090d908e17b1daa16fcf9e9566502e
SHA512

426a7a6854e8c27d2d977194a051beb5478ce36b6c91a730801b4d3cfc8e910f28f6d8ef6f02eb6d0bba5ec3269241d974dfedceff64902cd363aa48355643e9

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://RetirementPortal.acrtnic.com:443

Targets

- Target
  
  2b4fb8da8c7c191418e66e8630c9269a3d090d908e17b1daa16fcf9e9566502e
- Size
  
  5KB
- MD5
  
  ef7173b03c9e2d414d8799a1b5753b13
- SHA1
  
  508cea62f4eaeb919abec7875c96760877c3e65a
- SHA256
  
  2b4fb8da8c7c191418e66e8630c9269a3d090d908e17b1daa16fcf9e9566502e
- SHA512
  
  426a7a6854e8c27d2d977194a051beb5478ce36b6c91a730801b4d3cfc8e910f28f6d8ef6f02eb6d0bba5ec3269241d974dfedceff64902cd363aa48355643e9
Score

10^/10
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2