General
Target: runlastrun.ps1
Size: 9KB
Sample: 230518-qmskdshg8v
MD5: 81424820bdf139b1fe3de3faa4e98ae6
SHA1: 926ec26d628e25bb746325172139c01aa130993d
SHA256: 514cd71508ca9b3f35afe09a943e97c547e9caeda12cd9083b1d3982068d692b
SHA512: 5b97d7097f62290c68e2a1123acf07c2d5748b180f93a2b8fd310062648eaa647f9d810dde9c58bbc8ad1b48b368e3d2af7a4a88be50c89fb4e91de532f64091
SSDEEP: 192:BQiSRKxM+2lboe/eFlFN9qoJLlFobU2pf6kXP:BQik68lpx

Static task: static1

Behavioral task: behavioral1
Sample: runlastrun.ps1
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: runlastrun.ps1
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1GUfzCH1FsSSQZ_Xf8HwOLgqhsygBTnK9&confirm=t
Targets
Target
runlastrun.ps1
Score: 8/10
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext