514cd71508ca9b3f35afe09a943e97c547e9caeda12cd9083b1d3982068d692b | Triage

Sharing

General

Target

runlastrun.ps1
Size

9KB
Sample

230518-qmskdshg8v
MD5

81424820bdf139b1fe3de3faa4e98ae6
SHA1

926ec26d628e25bb746325172139c01aa130993d
SHA256

514cd71508ca9b3f35afe09a943e97c547e9caeda12cd9083b1d3982068d692b
SHA512

5b97d7097f62290c68e2a1123acf07c2d5748b180f93a2b8fd310062648eaa647f9d810dde9c58bbc8ad1b48b368e3d2af7a4a88be50c89fb4e91de532f64091
SSDEEP

192:BQiSRKxM+2lboe/eFlFN9qoJLlFobU2pf6kXP:BQik68lpx

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1GUfzCH1FsSSQZ_Xf8HwOLgqhsygBTnK9&confirm=t

Targets

- Target
  
  runlastrun.ps1
- Size
  
  9KB
- MD5
  
  81424820bdf139b1fe3de3faa4e98ae6
- SHA1
  
  926ec26d628e25bb746325172139c01aa130993d
- SHA256
  
  514cd71508ca9b3f35afe09a943e97c547e9caeda12cd9083b1d3982068d692b
- SHA512
  
  5b97d7097f62290c68e2a1123acf07c2d5748b180f93a2b8fd310062648eaa647f9d810dde9c58bbc8ad1b48b368e3d2af7a4a88be50c89fb4e91de532f64091
- SSDEEP
  
  192:BQiSRKxM+2lboe/eFlFN9qoJLlFobU2pf6kXP:BQik68lpx
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2