33eae3d42e8abcc05861778c8679759c347a54a3f386b5927afae7538c520472 | Triage

Sharing

General

Target

33eae3d42e8abcc05861778c8679759c347a54a3f386b5927afae7538c520472.ps1
Size

1KB
Sample

240411-bhbzhsbb8z
MD5

23fef73a024bf14f093a75a10423c4b7
SHA1

b004fc269a805b62ba8003e4ccd84f07fd154e51
SHA256

33eae3d42e8abcc05861778c8679759c347a54a3f386b5927afae7538c520472
SHA512

9d42b3e14d9cc0b468c292b10685d180e99282daafbbbe38597a789e070ae16d5c4146755ea2c1c6965f9334b8cfad9f0aa9e0309f33f281737096ecc7ab5f7d

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1226798936191275040/xny3erWZgT6_StcjDsPJjgr9lWZD93Ah7jP9Rea5DEZV2sNLvmJgi2VFT3I42_QTovY_

Targets

- Target
  
  33eae3d42e8abcc05861778c8679759c347a54a3f386b5927afae7538c520472.ps1
- Size
  
  1KB
- MD5
  
  23fef73a024bf14f093a75a10423c4b7
- SHA1
  
  b004fc269a805b62ba8003e4ccd84f07fd154e51
- SHA256
  
  33eae3d42e8abcc05861778c8679759c347a54a3f386b5927afae7538c520472
- SHA512
  
  9d42b3e14d9cc0b468c292b10685d180e99282daafbbbe38597a789e070ae16d5c4146755ea2c1c6965f9334b8cfad9f0aa9e0309f33f281737096ecc7ab5f7d
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2