9eee2cadf40bb350a094563313b2167769e625a404b09d6fec220143f418932c | Triage

Submit
Reports

Overview

overview

Static

static

installAgent.ps1

windows7-x64

1

installAgent.ps1

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

installAgent.ps1
Size

5KB
Sample

230721-khvw3acg52
MD5

c73ae14672e82e0c28b55557e2867e62
SHA1

bad14b7e2c561d0b1651f5732d7a0b7795b0de3b
SHA256

9eee2cadf40bb350a094563313b2167769e625a404b09d6fec220143f418932c
SHA512

c9a2cbd39562aeb6a50cd473a335eed358871374b4561649843b7695bc7b4c0c04274e6abb89c42238df33d5afc80699432c382dd6e93ff78c01b63a2247e590
SSDEEP

96:5POiwV7DNGEFLV3EqcktoCadnQnT71yTmKTgD4InLRsx4T+:VObDNGOL7DadQU9kD9f+

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

installAgent.ps1

Resource

win7-20230712-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

installAgent.ps1

Resource

win10v2004-20230703-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://agent.nigano.net:53/Windows_Agent.zip

Targets

- Target
  
  installAgent.ps1
- Size
  
  5KB
- MD5
  
  c73ae14672e82e0c28b55557e2867e62
- SHA1
  
  bad14b7e2c561d0b1651f5732d7a0b7795b0de3b
- SHA256
  
  9eee2cadf40bb350a094563313b2167769e625a404b09d6fec220143f418932c
- SHA512
  
  c9a2cbd39562aeb6a50cd473a335eed358871374b4561649843b7695bc7b4c0c04274e6abb89c42238df33d5afc80699432c382dd6e93ff78c01b63a2247e590
- SSDEEP
  
  96:5POiwV7DNGEFLV3EqcktoCadnQnT71yTmKTgD4InLRsx4T+:VObDNGOL7DadQU9kD9f+
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy