General
-
Target
Y7839.ps1
-
Size
55KB
-
Sample
220210-vxkprahbc2
-
MD5
e2201063031968eddf2e02dfe7aeae82
-
SHA1
0dc6b5dbf9225f4a20e38fc3f7664da72ca1a21f
-
SHA256
d074c74b09cb7d64c8647b8da0adeea4293db6abd5d0ae4202cef511252acf1b
-
SHA512
e3fff0b87345e2c5179b9c075d22bacb85a64ddd48968510e37cfb621a0220826c50b864680a78f3fe97c55873c3bb6d6be141ba6ef29d9bcff34136d8c5d3ea
Static task
static1
Behavioral task
behavioral1
Sample
Y7839.ps1
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Y7839.ps1
Resource
win10v2004-en-20220112
Malware Config
Extracted
http://54.235.58.2/3/ServR43.txt
Extracted
nworm
v0.3.8
nyanmoj.duckdns.org:5057
moneyhope81.duckdns.org:5057
cb2d3cba
Targets
-
-
Target
Y7839.ps1
-
Score
10/10
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-