Overview

overview

10

Static

static

bc.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc.ps1

  • Size

    1.6MB

  • Sample

    220926-pepyvsbhel

  • MD5

    71604c2a9f1e0f8964fbf72e8c76b87d

  • SHA1

    067599d1f37f7740d1e133401097b2699b56f8e7

  • SHA256

    90466d04ca05ab1d1acbb20200ea3be840ab4b465f1a5af97f47f269d39ab3d7

  • SHA512

    40eae4baf59c7841560728a9aa108941d00072e4317a63b61d8da479fba7911068a1b899e4da524ad726a0d920cdbee3522e0965c768a52b642b8e290b923afa

  • SSDEEP

    24576:LGWTNkhmlnhkT9UqnFJ2/RLIfyg7r0AAl:9

Score
10/10
persistence

Malware Config

Targets

    • Target

      bc.ps1

    • Size

      1.6MB

    • MD5

      71604c2a9f1e0f8964fbf72e8c76b87d

    • SHA1

      067599d1f37f7740d1e133401097b2699b56f8e7

    • SHA256

      90466d04ca05ab1d1acbb20200ea3be840ab4b465f1a5af97f47f269d39ab3d7

    • SHA512

      40eae4baf59c7841560728a9aa108941d00072e4317a63b61d8da479fba7911068a1b899e4da524ad726a0d920cdbee3522e0965c768a52b642b8e290b923afa

    • SSDEEP

      24576:LGWTNkhmlnhkT9UqnFJ2/RLIfyg7r0AAl:9

    Score
    10/10
    persistence

    • Modifies system executable filetype association

      persistence

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks