Overview

overview

10

Static

static

10

2cd2d3823b...60.ps1

windows7_x64

10

2cd2d3823b...60.ps1

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660

  • Size

    360B

  • Sample

    220521-m989wagdgp

  • MD5

    cfd1923ef62eda51c93b8b3599941acd

  • SHA1

    ec8712a15560aa43ba4710ea574f5443ae5c5c5c

  • SHA256

    2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660

  • SHA512

    043f86e5448c4bcc941da02471797d3b863644502bdc36a9c97ab693b888eee2fafcf35e5ffbdce1afcaaf1b77869b50c49e49274ad7a0543b49a993d32ff5c6

Score
10/10
evasionsuricata

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://pastebin.com/raw/Qkwjgmp3

Targets

    • Target

      2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660

    • Size

      360B

    • MD5

      cfd1923ef62eda51c93b8b3599941acd

    • SHA1

      ec8712a15560aa43ba4710ea574f5443ae5c5c5c

    • SHA256

      2cd2d3823bacb5591d922756a072b4e934d42a471fce9fe2f5b2fd05fac0c660

    • SHA512

      043f86e5448c4bcc941da02471797d3b863644502bdc36a9c97ab693b888eee2fafcf35e5ffbdce1afcaaf1b77869b50c49e49274ad7a0543b49a993d32ff5c6

    Score
    10/10
    evasionsuricata

    • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

      suricata

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks