12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc | Triage

Submit
Reports

Overview

overview

Static

static

1

12c4d9eddc...fc.one

windows7-x64

Sharing

Copy URL Twitter E-mail

General

Target

12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc.one
Size

264KB
Sample

230202-zz242afh28
MD5

3431b5db65041c5c495deaf3a6c74006
SHA1

7a5ce0bf1d336f8d7b0a41d4e71327549f827c71
SHA256

12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc
SHA512

645db443ae98c50b4d336a26b684eb93eb4e6934df3adc82eec2bd1d502ea3c1bd89230e82fc83f6f20b33da96343926994e7f3af7df9406c76b1387989978f4
SSDEEP

3072:raA0YRw9/WITtTWR7IbNzvL1aaIuWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCCCv:ba9xytedL1dy4iERBBf3yBLTlz

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc.one

Resource

win7-20221111-en

windows7-x64

16 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://restlomik.com/gatef.php

Targets

- Target
  
  12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc.one
- Size
  
  264KB
- MD5
  
  3431b5db65041c5c495deaf3a6c74006
- SHA1
  
  7a5ce0bf1d336f8d7b0a41d4e71327549f827c71
- SHA256
  
  12c4d9eddce807d10e3578fcf2918366def586ec374a35957880a65dbd467efc
- SHA512
  
  645db443ae98c50b4d336a26b684eb93eb4e6934df3adc82eec2bd1d502ea3c1bd89230e82fc83f6f20b33da96343926994e7f3af7df9406c76b1387989978f4
- SSDEEP
  
  3072:raA0YRw9/WITtTWR7IbNzvL1aaIuWt4AJERnyNenUWHCoTCCCCCCCCCCCCCCCCCv:ba9xytedL1dy4iERBBf3yBLTlz
Score

10^/10
- Blocklisted process makes network request
- Deletes itself
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy