4a98a49f3b4b3013d38069110fccb50850cb2a42088bf7b49054da5cc0ef7a0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a98a49f3b4b3013d38069110fccb50850cb2a42088bf7b49054da5cc0ef7a0d
Size

144KB
Sample

230320-17f27sff29
MD5

b5baf2e6261a1fb05bb2654c8d099dd6
SHA1

2a5b25fcb9e9f584d0a162b734c7dcc53c6e0550
SHA256

4a98a49f3b4b3013d38069110fccb50850cb2a42088bf7b49054da5cc0ef7a0d
SHA512

4ac6847ff23850bbdb04f696c85444ff2d1aa38cf508d60e6c1638e877b4233bf343e43cbcf84dd50151c593c5a181679488c207f8ea80dc088518f99e50d7d3
SSDEEP

3072:M3k4kJ0kG19TreGG+7OAobjyix99Ab2sERmAiBfcneZahqMVnoJN/:BAnER7KTMs/

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://www.mdegmm.com/pdf/debug2.ps1

Targets

- Target
  
  4a98a49f3b4b3013d38069110fccb50850cb2a42088bf7b49054da5cc0ef7a0d
- Size
  
  144KB
- MD5
  
  b5baf2e6261a1fb05bb2654c8d099dd6
- SHA1
  
  2a5b25fcb9e9f584d0a162b734c7dcc53c6e0550
- SHA256
  
  4a98a49f3b4b3013d38069110fccb50850cb2a42088bf7b49054da5cc0ef7a0d
- SHA512
  
  4ac6847ff23850bbdb04f696c85444ff2d1aa38cf508d60e6c1638e877b4233bf343e43cbcf84dd50151c593c5a181679488c207f8ea80dc088518f99e50d7d3
- SSDEEP
  
  3072:M3k4kJ0kG19TreGG+7OAobjyix99Ab2sERmAiBfcneZahqMVnoJN/:BAnER7KTMs/
Score

10^/10
- Blocklisted process makes network request
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2