General
Target: color.ps1
Size: 2.2MB
Sample: 230303-kvklvsgc4x
MD5: 742c528a179fdf26356aa239ce901c56
SHA1: d5fbd80a687813b214ad6dc7bc950ccf0f0a46f9
SHA256: 28d4ca9b8bbbad765a193c9df2a8841352a87c2f26b28a94e763709906ce073b
SHA512: 2c7e40258dfa27931073654c4749049b81ac160f7b3b4ac7730a85249b0ebe82b617cb2247bfc31a5597ab87f399e0d984e1e34fe7812d195a92afe5c866eadd
SSDEEP: 24576:Ogpa7y/VUbkfQB0VXG/2Gv8ECPnRq4WtbYnuke0X7fmJIkrDjT8tb2i30mUO:G0QBee2Q4kw4DWbr3R
Static task: static1
Behavioral task: behavioral1
Sample: color.ps1
Resource: win7-20230220-en
Malware Config
Extracted
bumblebee
lg0203
Targets
Target: color.ps1
Blocklisted process makes network request
Suspicious use of NtCreateThreadExHideFromDebugger