5801f01f8cb95ac2422c69a04f9d55b0b6402e54c19349073967901251a712cd | Triage

Sharing

General

Target

j3u2zjaduytgubnz.exe
Size

438KB
Sample

240127-ryvdssfhek
MD5

0267def7d28448bddbfef8943668a1cb
SHA1

f78978916611a0d0e6072bcf81a23171e2236a77
SHA256

5801f01f8cb95ac2422c69a04f9d55b0b6402e54c19349073967901251a712cd
SHA512

626b721cde48d1a4f3d9a6ff55e812fa410fc560f4aeb5f518d565b4ff11df7b9859f7470de459a69dca3c68e7145b5e454fab32e8e8ad53f26973ec5cc17f91
SSDEEP

6144:wW8ofz+S4ktLFPl+ijd33oSXBenV+tH7t4y7G4Z:wT+6Sh33oSXBm+tbGdo

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1yzIedgOlbPjUc006zFjrkRkJWDbchF0u

Targets

- Target
  
  j3u2zjaduytgubnz.exe
- Size
  
  438KB
- MD5
  
  0267def7d28448bddbfef8943668a1cb
- SHA1
  
  f78978916611a0d0e6072bcf81a23171e2236a77
- SHA256
  
  5801f01f8cb95ac2422c69a04f9d55b0b6402e54c19349073967901251a712cd
- SHA512
  
  626b721cde48d1a4f3d9a6ff55e812fa410fc560f4aeb5f518d565b4ff11df7b9859f7470de459a69dca3c68e7145b5e454fab32e8e8ad53f26973ec5cc17f91
- SSDEEP
  
  6144:wW8ofz+S4ktLFPl+ijd33oSXBenV+tH7t4y7G4Z:wT+6Sh33oSXBm+tbGdo
Score

10^/10
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1