General
-
Target
ANQUAN.ps1
-
Size
26KB
-
Sample
230330-awr28aca5x
-
MD5
d223ac403e9ac14ae07b6edfeb018deb
-
SHA1
9be80a8babb8d08d07a68d5b1d0018992fe402fe
-
SHA256
7cf3379bd4c558c88f9a6e7b5aa6cda3aa9ba4289148e8ca6b0b55f378cd612e
-
SHA512
badab4bde445dd7231dc8995509c57cf4afc28d70627b1d199897f37ef59966e05f9c43d10750a439a842a463c4180d23a600fba3d6002ab77da5ca23d0b521e
-
SSDEEP
384:/IAUl9V5xJCdNz6etOzzodsGeE3WdbSU0jRArxJDZF6boFUUC7+v6fCUqqgCENqn:gAUjKz6r5GeW+bOoCvK/imC6YEaxP
Static task
static1
Behavioral task
behavioral1
Sample
ANQUAN.ps1
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ANQUAN.ps1
Resource
win10v2004-20230220-en
Malware Config
Extracted
cobaltstrike
http://43.136.14.33:50001/GSmV
-
user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; UHS)
Targets
Target
ANQUAN.ps1
-
Score
10/10
-
Blocklisted process makes network request
-