dd3bd66ab94b92b2ed1e4b7bb0229098c2fe0f61bc085a8a288d95bb758e40c4 | Triage

Sharing

General

Target

commands.ps1
Size

418B
Sample

231014-bq3gfabc56
MD5

97290ff755649e9b1c2f3b5d03d76e87
SHA1

5801590111460f6ff6939ed7389719b0b1b40b8f
SHA256

dd3bd66ab94b92b2ed1e4b7bb0229098c2fe0f61bc085a8a288d95bb758e40c4
SHA512

8d4af2f1f19fb27c3fdaa173b364b39648b48a012876d6cd8af6fa3aad24696e7a62c321bc074737159a00baeb7a5cda0aa1ccafa41ab971eab0e94b29ca041a

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  commands.ps1
- Size
  
  418B
- MD5
  
  97290ff755649e9b1c2f3b5d03d76e87
- SHA1
  
  5801590111460f6ff6939ed7389719b0b1b40b8f
- SHA256
  
  dd3bd66ab94b92b2ed1e4b7bb0229098c2fe0f61bc085a8a288d95bb758e40c4
- SHA512
  
  8d4af2f1f19fb27c3fdaa173b364b39648b48a012876d6cd8af6fa3aad24696e7a62c321bc074737159a00baeb7a5cda0aa1ccafa41ab971eab0e94b29ca041a
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2