e775e86df1cacbb5baef5fb865140d28b64b3c17b3fa6aa503596d65d98ca329 | Triage

Sharing

General

Target

tuesdayVbs no Startup.vbs
Size

208KB
Sample

221123-s37qcsga5v
MD5

fff2ba02c53b34effc52c05238a57c89
SHA1

fdc77086e5ecbf9db1a3dbac8ea0a7c55d77940e
SHA256

e775e86df1cacbb5baef5fb865140d28b64b3c17b3fa6aa503596d65d98ca329
SHA512

054d07ef65fd904beb993ad79816f09e6095df0156fb1f777fde3e10425e3c379f35ec631a144f7211329d90e6f17cf657ba7814a75ac987effd63f893b96dc5
SSDEEP

3072:7wOt4MYI2x75nehsqgB3F23st+Zn3F/MvVkwsl:V

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://4.204.233.44/DLL/NoStartUp.ppam

Targets

- Target
  
  tuesdayVbs no Startup.vbs
- Size
  
  208KB
- MD5
  
  fff2ba02c53b34effc52c05238a57c89
- SHA1
  
  fdc77086e5ecbf9db1a3dbac8ea0a7c55d77940e
- SHA256
  
  e775e86df1cacbb5baef5fb865140d28b64b3c17b3fa6aa503596d65d98ca329
- SHA512
  
  054d07ef65fd904beb993ad79816f09e6095df0156fb1f777fde3e10425e3c379f35ec631a144f7211329d90e6f17cf657ba7814a75ac987effd63f893b96dc5
- SSDEEP
  
  3072:7wOt4MYI2x75nehsqgB3F23st+Zn3F/MvVkwsl:V
Score

10^/10
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2