Overview

overview

8

Static

static

script.ps1

windows7-x64

1

script.ps1

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    script.txt

  • Size

    87KB

  • Sample

    230130-lypknabe7w

  • MD5

    d1ad6eb3db5f48450a55928ebd8ff0f4

  • SHA1

    ff416c3df6145cff6f2d84ab1efd1635bb5374e3

  • SHA256

    94c2efd570d4f83b1dd6e5e18bfa26ca2b416c15bfd008326b1d8331c8e7a29a

  • SHA512

    c13c6844ef9babcf35d8c7ce36b222243a9bfd4eb5fe98569c2809437fc2d9fbe763520a1bf06140178576ea5f0e103660c957ce1811aa5b9728d7cc935a281b

  • SSDEEP

    768:c7BBnMPbvFTFfQKH34d+9cyIr0m3TD9hPCx1k82cPaullkeRmS7U2LqGC6JK+4:onMPbhCKH34Y9orDRBCI8lhxqGC6JK+4

Score
8/10
persistence

Malware Config

Targets

    • Target

      script.txt

    • Size

      87KB

    • MD5

      d1ad6eb3db5f48450a55928ebd8ff0f4

    • SHA1

      ff416c3df6145cff6f2d84ab1efd1635bb5374e3

    • SHA256

      94c2efd570d4f83b1dd6e5e18bfa26ca2b416c15bfd008326b1d8331c8e7a29a

    • SHA512

      c13c6844ef9babcf35d8c7ce36b222243a9bfd4eb5fe98569c2809437fc2d9fbe763520a1bf06140178576ea5f0e103660c957ce1811aa5b9728d7cc935a281b

    • SSDEEP

      768:c7BBnMPbvFTFfQKH34d+9cyIr0m3TD9hPCx1k82cPaullkeRmS7U2LqGC6JK+4:onMPbhCKH34Y9orDRBCI8lhxqGC6JK+4

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks