General
-
Target
biden.ps1
-
Size
9KB
-
Sample
240328-n4apsshf64
-
MD5
e62429208555cf13bd13daa51d233783
-
SHA1
2bc72af63361ee8923139b4e094a41a2da9c283d
-
SHA256
0c0ad15272b0408791d55e9700965cc05efe387850fbb2a7749f4ff08a886b8a
-
SHA512
3b3a41cb52884456978aa3007b2f48a1f780a1806af4a14b5f242f032e68b00041b7377ff5745f5705b8f1e18c0c6035ce43a67c058d1b4f157e12d7066dcda5
-
SSDEEP
192:B/OJvMKlT0WUCF55fKRH1FcWpa+C2faTombimi/sjq/1Puc0NVzPlw9MQ:6UyT0mfKcWc12STombiOY70N9Plw9J
Static task
static1
Behavioral task
behavioral1
Sample
biden.ps1
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://discord.com/api/webhooks/1220036894637948948/ljquzH5wIR176Vyn4DgBic0VaTCxSnsoZhUPJDI9xnRlz13VlyOzp6XdLsg3OgwSI4x3
https://i.ibb.co/VMjZW4N/jb.png
Extracted
C:\Users\Admin\Desktop\README.txt
support@thepcsecuritychannel.com
thepcsecuritychannel@hotmail.co.uk
Targets
Target
biden.ps1
Score
10/10
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-