General

  • Target

    file.ps1

  • Size

    3KB

  • Sample

    220911-csh19aahd7

  • MD5

    c4a04ce2d5a109cc76e7ffe5e2d4b124

  • SHA1

    0466028fbec471f4f11d5995ccb17aff6cb6305f

  • SHA256

    d6a8f5cf11e992ce94895e59cfa08a4b7d36d2552587c9db6c7f3b1a338e7d08

  • SHA512

    4bd2f68f8b7aa022216d37856829cfd996aab0ae3755ae0da8d0308f5e76dbb45a1f8011bc70ce99b23d913dc9223dbb6bb5f552d5c92d2bbccf7c9bae9e647c

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://sprinthunter.com:443/NiVO

Targets

    • Target

      file.ps1

    • Cobaltstrike

      Detected malicious payload which is part of Cobaltstrike.

    • Blocklisted process makes network request
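The extractor classifies the stager as Metasploit windows/download_exec while the signature attributes it to Cobalt Strike; Cobalt Strike stagers are Metasploit-compatible, so the two labels are not in conflict. The following script is an added example, not part of the sandbox output: it takes only the hashes and the C2 URL printed in this report, checks a file against the hashes, splits the C2 into the host/port/path a proxy or DNS hunt needs, and flags that the stager speaks plain HTTP on port 443. The proxy log lines and the bytes fed to the hasher are constructed here so it runs offline.

```python
"""IOC helper built from this report's extracted config and hashes.

Added example, not part of the sandbox output. The digests and the C2 URL
are copied from the report; every other input (the proxy log lines, the
bytes fed to the hasher) is constructed here so the script runs offline.
"""
import hashlib
from urllib.parse import urlsplit

# Digests of file.ps1 as listed in the report.
REPORT_IOCS = {
    "md5": "c4a04ce2d5a109cc76e7ffe5e2d4b124",
    "sha1": "0466028fbec471f4f11d5995ccb17aff6cb6305f",
    "sha256": "d6a8f5cf11e992ce94895e59cfa08a4b7d36d2552587c9db6c7f3b1a338e7d08",
    "sha512": "4bd2f68f8b7aa022216d37856829cfd996aab0ae3755ae0da8d0308f5e76dbb45a1f8011bc70ce99b23d913dc9223dbb6bb5f552d5c92d2bbccf7c9bae9e647c",
}

# C2 copied from the Malware Config section.
C2_URL = "http://sprinthunter.com:443/NiVO"

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def matches_report(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Return the algorithms whose digest of `data` equals the report's value.

    The real sample matches on all four; a trimmed or re-encoded copy matches
    on none, which is why the hunt below keys on the C2 rather than on hashes.
    """
    digests = hash_bytes(data)
    return [algo for algo in HASH_ALGOS if digests.get(algo) == iocs.get(algo)]


def parse_c2(url: str = C2_URL) -> dict:
    """Split the C2 URL into the fields a proxy or DNS hunt needs.

    Flags the scheme/port mismatch: the stager talks plain HTTP on 443, so a
    TLS-only inspection path misses it and a port-based allowlist lets it out.
    """
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": port,
        "path": parts.path,
        "plaintext_on_443": parts.scheme == "http" and port == 443,
    }


# Constructed proxy log lines for the demo (not taken from the report).
# Format: timestamp src_ip method url status process
SAMPLE_PROXY_LOG = [
    "2022-09-11T10:02:13Z 10.0.0.5 GET http://sprinthunter.com:443/NiVO 200 powershell.exe",
    "2022-09-11T10:02:15Z 10.0.0.7 GET https://example.org/index.html 200 chrome.exe",
    "2022-09-11T10:03:01Z 10.0.0.9 GET http://sprinthunter.com/other 404 curl.exe",
]


def hunt_proxy_log(lines, c2: str = C2_URL) -> list:
    """Return every line whose host matches the C2 domain, with `exact` set
    when the request path matches the stager path as well."""
    target = urlsplit(c2)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line: skip rather than abort the hunt
        url = urlsplit(fields[3])
        if url.hostname != target.hostname:
            continue
        hits.append({
            "src": fields[1],
            "process": fields[5],
            "url": fields[3],
            "exact": url.path == target.path,
        })
    return hits


if __name__ == "__main__":
    print(parse_c2())
    for hit in hunt_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
```

Matching on the host alone as well as on the full URL is deliberate: a stager path like /NiVO is trivially regenerated per campaign, whereas the domain tends to survive longer, so a host-only hit is still worth a look even when the path differs.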
