0a8d74ef600d34683b3a513205db882f1256c18246d4fd6c9bf68ba882d789d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gamer.bat
Size

5KB
Sample

230919-cw36laec7t
MD5

6bc42a295b72dbbfd1e94e2ccc30faff
SHA1

79620ad69422bb14b58fbcbc301bace98f6b0c68
SHA256

0a8d74ef600d34683b3a513205db882f1256c18246d4fd6c9bf68ba882d789d2
SHA512

998023dc6e39fc9611889d4a5e6cc4286b1180fdf6a3178341a4027ab02fb4c3aff5fa077add7aa73352131c2edae8cb6f4540b01eff203ed61e3e6760af9414
SSDEEP

96:OyPPks5E5hnCSMb6p5dvxiaXa05CACvEMRu5CECvElCw2+c:tPPQXp5dvkaXa05CACvEMI5CECvEMw4

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://discord.com/api/webhooks/1152857858543718450/qR3bD0V-wMFzOw9cnKsF3KjME7YhDRXOkZep_Oy4ztLtCIN3pK5i3wdOMzSNp6Ry3Xvv

Targets

- Target
  
  gamer.bat
- Size
  
  5KB
- MD5
  
  6bc42a295b72dbbfd1e94e2ccc30faff
- SHA1
  
  79620ad69422bb14b58fbcbc301bace98f6b0c68
- SHA256
  
  0a8d74ef600d34683b3a513205db882f1256c18246d4fd6c9bf68ba882d789d2
- SHA512
  
  998023dc6e39fc9611889d4a5e6cc4286b1180fdf6a3178341a4027ab02fb4c3aff5fa077add7aa73352131c2edae8cb6f4540b01eff203ed61e3e6760af9414
- SSDEEP
  
  96:OyPPks5E5hnCSMb6p5dvxiaXa05CACvEMRu5CECvElCw2+c:tPPQXp5dvkaXa05CACvEMI5CECvEMw4
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2