General
Target: d6c4ade36b68cf81608e4d020753dac7.ps1
Size: 144KB
Sample: 220401-b7nplscde4
MD5: d6c4ade36b68cf81608e4d020753dac7
SHA1: 5f75f581c64a6e47183b1e6907af080b74f3de01
SHA256: aaa058a702aa5685df10d86f8af119ce93442a885496104b35719b103c81a52b
SHA512: 19369bba499912144de311602d6952486146862e2433b51905de529455718d52bebc1bd0a72c08e691caf6cec347184da934be2094040a2d86bc1cbe13fee643
Static task: static1
Behavioral task: behavioral1
Sample: d6c4ade36b68cf81608e4d020753dac7.ps1
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: d6c4ade36b68cf81608e4d020753dac7.ps1
Resource: win10v2004-20220331-en
Malware Config
Extracted
revengerat
MR_ahmed
45.147.230.231:2222
c416f58db13c4
Targets
Target
d6c4ade36b68cf81608e4d020753dac7.ps1
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Drops file in System32 directory
Suspicious use of SetThreadContext