Overview

overview

8

Static

static

1

powershell1.ps1

windows7-x64

8

powershell1.ps1

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    powershell1

  • Size

    19KB

  • Sample

    230608-lhr1vaec4w

  • MD5

    624511fd8262b517f7206dbfdea0a907

  • SHA1

    0d7392280c3938c707d9f9e7b164ef8ef6c608ac

  • SHA256

    2eb7cd3e697cae039499f05cd5cb8ea7dc47334227b894373582c2946bda547c

  • SHA512

    dd2b9a1adcdebb86ac134019ee54f3cfb10f346d380dcb74d5ea2ea27ca145b9ce89320997dc6b92c7122d01b5bb92c4756ce4bd58ee1604797b61223d7a63de

  • SSDEEP

    384:QnhcaCWyW+ud7/HLHajbwHcGlftuLGuIw3wNM7LMVqNGGGMrGMbGba0Ni0aRseup:QnhcaCWyW+ud7/r6jbw8GlftuLGuIwfW

Score
8/10

Malware Config

Targets

    • Target

      powershell1

    • Size

      19KB

    • MD5

      624511fd8262b517f7206dbfdea0a907

    • SHA1

      0d7392280c3938c707d9f9e7b164ef8ef6c608ac

    • SHA256

      2eb7cd3e697cae039499f05cd5cb8ea7dc47334227b894373582c2946bda547c

    • SHA512

      dd2b9a1adcdebb86ac134019ee54f3cfb10f346d380dcb74d5ea2ea27ca145b9ce89320997dc6b92c7122d01b5bb92c4756ce4bd58ee1604797b61223d7a63de

    • SSDEEP

      384:QnhcaCWyW+ud7/HLHajbwHcGlftuLGuIw3wNM7LMVqNGGGMrGMbGba0Ni0aRseup:QnhcaCWyW+ud7/r6jbw8GlftuLGuIwfW

    Score
    8/10

    • Blocklisted process makes network request

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks