0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

Resubmissions

15/04/2024, 17:37

240415-v66nksed8w 7

15/04/2024, 17:34

240415-v5ll1sed3z 7

15/04/2024, 17:30

240415-v3fmzsca66 3

15/04/2024, 17:27

240415-v1vdcseb8w 7

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsPowerShell.zip
Size

2.9MB
Sample

240415-v5ll1sed3z
MD5

4beaf6b031c0c5207b19918913b57e0d
SHA1

c9856b91a671619302799d166875cfda119fb121
SHA256

0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b
SHA512

3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e
SSDEEP

49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score

7^/10

Malware Config

Targets

- Target
  
  WindowsPowerShell/v1.0/Modules/Dism/Dism.psd1
- Size
  
  3KB
- MD5
  
  01e30f6e7a7441f98b283907b4b3b2f0
- SHA1
  
  79b703be162acbc765602cbfc346d1c27b7177c7
- SHA256
  
  b0f9a266da3c2233160ed723ebf647581883984f9b960a8c59852455da9203e1
- SHA512
  
  6810ae8b44578c63454d9a08f6b8678abe2a7f3cf34c0b8aff7b982cfdd0488a651fc66d498a9119b4264f415a8506cb642c4107d62dfc41d3771889fe0a5f76
Score

1^/10
behavioral1 behavioral2
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Archive/en-US/ArchiveResources.psd1
- Size
  
  5KB
- MD5
  
  b6fb8c9e94187c19d30332d19d9454e6
- SHA1
  
  b5613fbea2aeb44db3e4e4b5f0c99ce3189c0a5c
- SHA256
  
  1e74df4fb9cadd8c0ab63c48789221aff0d9fb3ebeab8420410ebfad14571fd8
- SHA512
  
  d116a192892a0309df6950af99dd78bc61e34458637805e78f345dd9d68f853da84b5a6de4d9ec87624c66911bf4314740ca844297482dcff8ae245640411197
- SSDEEP
  
  96:t9PPKhxnT/uezmVgg9t5HcJ31VY7g92OINQeoDoXon:t9PCXnqezKgqLACfVWR
Score

1^/10
behavioral3 behavioral4
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Diagnostics/Microsoft.PowerShell.Diagnostics.psd1
- Size
  
  675B
- MD5
  
  8c667f4d468e3df1d7ababace768b9ee
- SHA1
  
  e9c54dab3216baf2abfe96a0732a208f063fb592
- SHA256
  
  3c59b91b00f9fe6cdf7cdef9265c7517ebe0c26f8cff70f3c5fc15e3bf7e67f0
- SHA512
  
  e83df56dc64de3eb5ccf2a9f40ca098baf9362d5989918fbd80203afed76189efb0a40e0f9d97d38606d8f965828e9631789d6673bdcf31fbe138a349d192694
Score

1^/10
behavioral5 behavioral6
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Host/Microsoft.PowerShell.Host.psd1
- Size
  
  455B
- MD5
  
  0431ce57285a9dad6afaca1d8a997906
- SHA1
  
  1f90a95728e4327daa84c4e798032687619c4a7a
- SHA256
  
  c13dac2037187b2fd18598e611137c5fd540050d5a85cedb44d06f05f1fbb852
- SHA512
  
  fdb27d503465656c3dedaa9ae9a455d339c5fac16aa7bd44754965be6dfe54c73a952bb4a7f48f209bc8d7d46b307e3eac82fcfd173baadcee69c95d79602f52
Score

1^/10
behavioral7 behavioral8
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/LocalAccounts.format.ps1xml
- Size
  
  3KB
- MD5
  
  7c5d2125dc6ff83578160e2411f3e50c
- SHA1
  
  d889cc3c474624572024c4be39ad25acdb893551
- SHA256
  
  0b5b8eecd3e4d9b12ab98fd98dd9551d27dd01fdadf5f118f1ef52834d483281
- SHA512
  
  00064a1bb36a7b3cb17df8a385e055ea2d8e2d4cef7e04a7ce454039c08359b98ea6e00571b347e723d2e7844a047e5bae16e61037b86aa9b747fb4322a89c5d
Score

1^/10
behavioral10 behavioral9
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.LocalAccounts/1.0.0.0/Microsoft.PowerShell.LocalAccounts.psd1
- Size
  
  1KB
- MD5
  
  c69d3853e5bce7c695c5bd37ba96d699
- SHA1
  
  6a79df1e70dbad4a0aa971823f85206a8d5faf8c
- SHA256
  
  cda4e020d5a53973f1290db25cad7e2cb746993d4fd12a68431db54681afd0cc
- SHA512
  
  524ec61d1056a98a3b4436b045d097988cb7723d0441e5721c1136f83c5240be233633e9fc1bf74dfc080a4d7e6c5198709ea76f2bf00dfa7c49be8a1639bf73
Score

1^/10
behavioral11 behavioral12
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Management/Microsoft.PowerShell.Management.psd1
- Size
  
  2KB
- MD5
  
  90741a929966119be0d0c9b7f66c0b6c
- SHA1
  
  ab3cc5cbabab4c3e02536c2ca6910036597e6a10
- SHA256
  
  91ea580e6bbc54148eadac5e8018f6e6edfd04bcd3cf07489a9028fdeea948a0
- SHA512
  
  8af83f14a6bd1b22a10109fa818c13079ca89c78ed560d678d7431ae2a82c3235b955c5cff0018bb5de33b6aabfd11d661f32ff67d4fb7edac5a5574b0996c00
Score

1^/10
behavioral13 behavioral14
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psd1
- Size
  
  5KB
- MD5
  
  e7b7d304f901913db03ec8a2c66928f7
- SHA1
  
  0eca57a45b2002d645d9ab9413db90aeea49e5eb
- SHA256
  
  0772d101921bb12f7d7a07f5fa795a04dacebb1bec33111f89b2d2f1740ea8c3
- SHA512
  
  d6d73a910ecd622486b4f742bffe558458db217d0c802c493fd48dab02b27fb86852303a27131392aca67fa366088a0975e01f33f47f5596ae32237a4f4f7470
- SSDEEP
  
  48:9cw9b0HIfb2eVccuVXsWd9VOieYcxbYojfAW4x49HkVFgL5B2Q+zQHxLuIF5l+z9:9cGb0gLdhRfAR+KVFc5wv4xLuIF5gmQ5
Score

1^/10
behavioral15 behavioral16
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/en-US/Microsoft.PowerShell.ODataUtilsStrings.psd1
- Size
  
  11KB
- MD5
  
  45cb52ef9a4f8cbad6a4e389401c7af9
- SHA1
  
  b54c3c07d92c06cbab719d09ede588c05097ace7
- SHA256
  
  304a315267c0cef24839966b51d7e76019f62253dc50f0fc5c0279227094f614
- SHA512
  
  d9f07d0b4b4d804bf27aab7ebb6969bcb6de5f2ca1debc4a9b1bc950a6f5916ff02a5eaafb562237ef2875e1201e8478e452ab6d1363384d61fa5525e0c196f3
- SSDEEP
  
  192:sEaN1boLnAAsnNRjS/PxqhQXAOQBdOOH0UQcatN/Noeqi/Nv+I/N/866/:6N5TA46RZY1n764
Score

1^/10
behavioral17 behavioral18
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Security/Microsoft.PowerShell.Security.psd1
- Size
  
  776B
- MD5
  
  f4ab6d4a6c93a1add7b46c8edb9ec06d
- SHA1
  
  e630af88fbc6698fb8474d01fad05c42551444b6
- SHA256
  
  fa7150089e8a67a0aad27cd324d119b9778ccbead6242397780c5d5077246d30
- SHA512
  
  425e4bad8f6219414db677e0c51bba4df67de647919f2d5b400d941b0c7d96c2020f4058ad95abda5727620959f310a5d37067ade302620d11dfa9594bde42ae
Score

1^/10
behavioral19 behavioral20
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.Utility/Microsoft.PowerShell.Utility.psd1
- Size
  
  2KB
- MD5
  
  6b0dfc59faf81fe3af64848aee309c4e
- SHA1
  
  1f469f4637fdb4f8c1b42f83d7b8135c1ee505b1
- SHA256
  
  c09df190addc67f7c6c38e7ea1dca719fd87807107f688c3f60ed8816e1c48a6
- SHA512
  
  173fd9b7ec3876fc06e680a95c6e762803e91cfb628dd0942ef38dc2fbba7603b7a504dde1b28f57e81adc0d614317c92e4a75bccbb24f1ec75a371a9884af7f
Score

1^/10
behavioral21 behavioral22
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.WSMan.Management/Microsoft.WSMan.Management.psd1
- Size
  
  785B
- MD5
  
  651b3b06114705c88b92a8cd6a978526
- SHA1
  
  7d8e3d2f9b91e44a98b879e79cd55fb68c14a545
- SHA256
  
  96973a7f69c967fe665cde9ef7b82423f34ad5248f2fd35f88d25fcda3fb9035
- SHA512
  
  34ddb13ec8d2730ed718052c9e6ad5682c415b213b688d58f5a82be2e2c717b47719d6ed3d1627f2c4de51b93ee51548c280cfa45a22a9c67558fd1b93cb1320
Score

1^/10
behavioral23 behavioral24
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.Format.ps1xml
- Size
  
  5KB
- MD5
  
  7ea886d135ac103fd63063dca7e150a3
- SHA1
  
  a10f3d3ea34be2266be6611625136cad5ea8fa44
- SHA256
  
  a31837f742c1cc25397d8b06bf182b71f926035554cf575bbba34029f3da3403
- SHA512
  
  45b1ac8f92b8957c502726475d39a2a3f262be6aa8e4616d16549c4c45bc95f6729a0a47e8dafd75a396d931695f8e2329a6e918835bdc72a24dfdc2aa3a900d
- SSDEEP
  
  96:qAmLl6umMlRLTpBTUvmvQA6umMsSOEKzZBfEDgcRPx:qLlXHLTLUUQAHsoKz0DgcRPx
Score

1^/10
behavioral25 behavioral26
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.Cmdlets.psd1
- Size
  
  2KB
- MD5
  
  9b07cb90e78d467a0de7be0f4f958fe9
- SHA1
  
  c7014872c3c02f3c45b40aa109d113c0fa1002f7
- SHA256
  
  e94186903107b294eb1c8a9bf74068b4c4e828843c4d33696af733ee2e3dbef3
- SHA512
  
  6bc046823f5d9dfe1bf7c39f03a7246524f9b285c89e32e24c1bb9e89b571c56a7db900e6d3b4f5ec06febfbe2c75d67fa1f13347bfd96908ea6835493738109
Score

1^/10
behavioral27 behavioral28
- Target
  
  WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedHostSettingTask_v1.0.cdxml
- Size
  
  3KB
- MD5
  
  8ad3984071cd41f88be85478d9d3b927
- SHA1
  
  de487ad34ef752c5bd7128829fa06fc7a47bd723
- SHA256
  
  ef1d87489f53c6fac620fc4e1656931ac6b4050b2bba6ff03412417b5006ddc1
- SHA512
  
  4325334fe608c0bf5c98b0b7c263ee7c2c9d1f66010c2b3f931a6fc60265ba73cd8981a90ee54cd86374a81b22a74df7f18e87bde027de13c8061677f1606ef8
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  WindowsPowerShell/v1.0/Modules/MsDtc/MSFT_DtcAdvancedSettingTask_v1.0.cdxml
- Size
  
  3KB
- MD5
  
  5d3b6b8efdb22ab05507f985f511ce0a
- SHA1
  
  993e810d767b08df2adabad13d04dc8c5673b345
- SHA256
  
  2d892e242e809f9f00a74788aae4238f444c89457a14938fb8aad4368c69d107
- SHA512
  
  b47b83603aa15f3dc7b93ebc816b29da3231e65b4db0aa7e6e94a7516a57a85446b8a056c417637cc0ab50f5210659f03b3d23927093ce48d0a672a4563a969c
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32