Overview

overview

10

Static

static

GOLGAPORA.ps1

windows7-x64

1

GOLGAPORA.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GOLGAPORA.PS1

  • Size

    1.1MB

  • Sample

    221003-g6em7sbcf3

  • MD5

    603bffe09d8f6c58499a83212f5febac

  • SHA1

    f6616cdfbe8b06b5ee4f95cfee0ed15b74b59466

  • SHA256

    d7fe1e3c8d18c2f992dfad7fabfb8f9907786eaca269dbc73593801c7474bd13

  • SHA512

    788b7cd546c4557fdbbab8a5048f62838106e592836a9616f19cf82759b6486207912f8787ddf5465a4d5ec4d567776cab701b2c1e5b63980c9245ee51884346

  • SSDEEP

    12288:WViPI6z8ay43NxSz0kmLoL2xfZe0I8nU8ECxKFajP:iINi0kmLF5I8P

Score
10/10
collection

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    107.182.129.168
  • Port:
    21
  • Username:
    ashgdhfg3
  • Password:
    jfghfjgh545

Targets

    • Target

      GOLGAPORA.PS1

    • Size

      1.1MB

    • MD5

      603bffe09d8f6c58499a83212f5febac

    • SHA1

      f6616cdfbe8b06b5ee4f95cfee0ed15b74b59466

    • SHA256

      d7fe1e3c8d18c2f992dfad7fabfb8f9907786eaca269dbc73593801c7474bd13

    • SHA512

      788b7cd546c4557fdbbab8a5048f62838106e592836a9616f19cf82759b6486207912f8787ddf5465a4d5ec4d567776cab701b2c1e5b63980c9245ee51884346

    • SSDEEP

      12288:WViPI6z8ay43NxSz0kmLoL2xfZe0I8nU8ECxKFajP:iINi0kmLF5I8P

    Score
    10/10
    collection

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks