General
-
Target
https://login.live.com/oauth20_authorize.srf?client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&scope=openid+profile&redirect_uri=https%3a%2f%2fteams.microsoft.com%2fgo&response_type=id_token&state=eyJpZCI6IjRkMDQyMmIyLWQxNmUtNDdhYS04ZTc3LTVjZjUxZjU2MmFhZiIsInRzIjoxNjg2NDI5MjcxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3d&response_mode=fragment&nonce=b9062f58-8e2a-4a83-9fb1-589d5b20a216&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&uaid=e959efa471284aa491c259153eada6b9&msproxy=1&issuer=mso&tenant=common&ui_locales=de-DE&client_info=1&signup=1&lw=1&fl=easi2&epct=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrBqQpU4JDo0jPKTAqWXxJ2VIVoCwCgBeeIg5AH4ZC09lo0RGb7D31Ho43mNMwXMRAHh9ePhJhIIMTqcZVWnZJUKaoYp1MQsomg9TGVMOimmIoyow_bVmjm3CmLwpjLe3QSJwXzOh7dYFT2I7WJd9NdITQrysxplh150BT9SGvLOYA6V4XyMX8F9WXiZeD1etZmHX-1QRz7jtqrP92fFJCgSAA&jshs=0
-
Sample
230610-zc8cjafg55
Malware Config
Targets
-
-
Target
https://login.live.com/oauth20_authorize.srf?client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&scope=openid+profile&redirect_uri=https%3a%2f%2fteams.microsoft.com%2fgo&response_type=id_token&state=eyJpZCI6IjRkMDQyMmIyLWQxNmUtNDdhYS04ZTc3LTVjZjUxZjU2MmFhZiIsInRzIjoxNjg2NDI5MjcxLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0%3d&response_mode=fragment&nonce=b9062f58-8e2a-4a83-9fb1-589d5b20a216&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&uaid=e959efa471284aa491c259153eada6b9&msproxy=1&issuer=mso&tenant=common&ui_locales=de-DE&client_info=1&signup=1&lw=1&fl=easi2&epct=PAQABAAEAAAD--DLA3VO7QrddgJg7WevrBqQpU4JDo0jPKTAqWXxJ2VIVoCwCgBeeIg5AH4ZC09lo0RGb7D31Ho43mNMwXMRAHh9ePhJhIIMTqcZVWnZJUKaoYp1MQsomg9TGVMOimmIoyow_bVmjm3CmLwpjLe3QSJwXzOh7dYFT2I7WJd9NdITQrysxplh150BT9SGvLOYA6V4XyMX8F9WXiZeD1etZmHX-1QRz7jtqrP92fFJCgSAA&jshs=0
Score5/10-
Detected potential entity reuse from brand microsoft.
-