Overview

overview

10

Static

static

10

262f5901d5...41.exe

windows7_x64

6

262f5901d5...41.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041

  • Size

    184KB

  • Sample

    220616-lbw18afah3

  • MD5

    2822431899265acfe0116a193ff7eb86

  • SHA1

    19b65753f8b60664b371b28680b5d4ce7660af2a

  • SHA256

    262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041

  • SHA512

    11bf4b1bc5217564c03811608ad7adce819925dd47daa6f01eca31a9f0aa46f519b93635efc44f7e7422f44650cb2fa6d4f024dbf52dfb77e26ccb6793267797

Score
10/10
legiondownloader

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://legion17.com/legion17/welcome

Targets

    • Target

      262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041

    • Size

      184KB

    • MD5

      2822431899265acfe0116a193ff7eb86

    • SHA1

      19b65753f8b60664b371b28680b5d4ce7660af2a

    • SHA256

      262f5901d5463b9d191893b4873cd9e88d3c87f43e91d1f984d956167c063041

    • SHA512

      11bf4b1bc5217564c03811608ad7adce819925dd47daa6f01eca31a9f0aa46f519b93635efc44f7e7422f44650cb2fa6d4f024dbf52dfb77e26ccb6793267797

    Score
    10/10
    legiondownloader

    • Legion

      Legion is a malware downloader written in C++.

      downloaderlegion

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks