General

  • Target

    b952411877bb1109df73a712e7bc247757573010ea170bc30d9c303ea8a4646c

  • Size

    445KB

  • Sample

    221130-xaamdahb2x

  • MD5

    9a49d4d206bb20277e6df5499a234611

  • SHA1

    dc93f2aac038b396b67e7ace47ed4794d0face7c

  • SHA256

    b952411877bb1109df73a712e7bc247757573010ea170bc30d9c303ea8a4646c

  • SHA512

    88d211614d1e8cae5c189da0e92c165af29ededfdc84ab177be0064b79e110100f6dd4c007fac16eeaeb51eb72d4a1e07e45be51ab671a6d68e08ca35b5bb87c

  • SSDEEP

    12288:DTt8uQufVz3xefS58g2i4bdt6OIG7ZCPQ+:3muL8g2isi

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://paste.ee/r/M7xnD

    ps1.dropper: https://paste.ee/r/FUipz

Targets

    • Target

      b952411877bb1109df73a712e7bc247757573010ea170bc30d9c303ea8a4646c

    Score
    10/10
    • Blocklisted process makes network request

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
