a8e8f8be57220f28c70784b6cd2cd57d2d0bff4d492e25de0c7204d268057ecc | Triage

Sharing

General

Target

mcgen.exe
Size

298KB
Sample

230203-tnypksbe7w
MD5

189246d3e95dcd53c1568356753c6e4a
SHA1

4b84b13c336da522eb8f99c7ec452167d70beea2
SHA256

a8e8f8be57220f28c70784b6cd2cd57d2d0bff4d492e25de0c7204d268057ecc
SHA512

a940136742bf947e04943b2c3a3cfd58a66c763b1c812a2f02cf29698c08bddca591deebb99caf977d9aa418fb21fd077fabf886a891cceadb9d122e5710e810
SSDEEP

3072:o7DhdC6kzWypvaQ0FxyNTBfqtja3r5MA0L5veDfOKVYUtdRGUNtRGi246Li:oBlkZvaF4NTBiov0LA1tRxNU4/

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/eRD2L2zm

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/AenkSFLe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/AuvYYBuV

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/FjW4pPaZ

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://pastebin.com/raw/WfBEBmP0

Targets

- Target
  
  mcgen.exe
- Size
  
  298KB
- MD5
  
  189246d3e95dcd53c1568356753c6e4a
- SHA1
  
  4b84b13c336da522eb8f99c7ec452167d70beea2
- SHA256
  
  a8e8f8be57220f28c70784b6cd2cd57d2d0bff4d492e25de0c7204d268057ecc
- SHA512
  
  a940136742bf947e04943b2c3a3cfd58a66c763b1c812a2f02cf29698c08bddca591deebb99caf977d9aa418fb21fd077fabf886a891cceadb9d122e5710e810
- SSDEEP
  
  3072:o7DhdC6kzWypvaQ0FxyNTBfqtja3r5MA0L5veDfOKVYUtdRGUNtRGi246Li:oBlkZvaF4NTBiov0LA1tRxNU4/
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1