General

  • Target

    gvnbazHr.ps1

  • Size

    251B

  • Sample

    240203-r4n4zabhb4

  • MD5

    e31ce56d200bbf2589e3984299e17183

  • SHA1

    4188b9209d91f6918b27b8663dbb5f863176f530

  • SHA256

    217f1aa91b4d90e06b036e87fd35adfefa5da9efac8de45cea2f7f50af88527f

  • SHA512

    6de322b87b584b109899c1ba6f89d59d997138baea5e0d65a54d749c91382382b468d1639f13a93fe9268affabe255d4e93f1e52257b56f00e8e40f4f2844aa2

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory
