General
Target: refresh.ps1
Size: 8KB
Sample: 240229-qcq9ksaa3s
MD5: 3cdc99c2649d1d95fe7768ccfd4f1dd5
SHA1: eea6b91e791cb1d2f0e019f0837dc4451b1b1b76
SHA256: e89171288ff084cba8aad31ca72f05478d4c7048435d25847607dfbbcf136046
SHA512: 8b3314c8ac870bc542cf15f52ee92b0c2bdb079388aed623df2ab4f3fb5a396ab25a9959e49a10b8afae56d0553a40053e230aac2af6ed1f4b42be97b5f62dc6
SSDEEP: 48:0n6LdRX63C2Fa2iUz2WnESMBGOkdsPp33Wz1MecEZEej9Kh8shU3e:DLdRX63Q
Static task: static1
Behavioral task: behavioral1
Sample: refresh.ps1
Resource: win7-20240221-en
Malware Config
Extracted family: lumma
C2 URLs:
- https://technologyenterdo.shop/api
- https://detectordiscusser.shop/api
- https://turkeyunlikelyofw.shop/api
- https://associationokeo.shop/api
Targets
Target: refresh.ps1
Size: 8KB
MD5: 3cdc99c2649d1d95fe7768ccfd4f1dd5
SHA1: eea6b91e791cb1d2f0e019f0837dc4451b1b1b76
SHA256: e89171288ff084cba8aad31ca72f05478d4c7048435d25847607dfbbcf136046
SHA512: 8b3314c8ac870bc542cf15f52ee92b0c2bdb079388aed623df2ab4f3fb5a396ab25a9959e49a10b8afae56d0553a40053e230aac2af6ed1f4b42be97b5f62dc6
SSDEEP: 48:0n6LdRX63C2Fa2iUz2WnESMBGOkdsPp33Wz1MecEZEej9Kh8shU3e:DLdRX63Q
Signatures:
- Detect ZGRat V1
- Blocklisted process makes network request
- Downloads MZ/PE file
- Suspicious use of SetThreadContext