0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b

Resubmissions

15/04/2024, 17:37

240415-v66nksed8w 7

15/04/2024, 17:34

240415-v5ll1sed3z 7

15/04/2024, 17:30

240415-v3fmzsca66 3

15/04/2024, 17:27

240415-v1vdcseb8w 7

Sharing

Copy URL

Twitter E-mail

General

Target

WindowsPowerShell.zip
Size

2.9MB
Sample

240415-v66nksed8w
MD5

4beaf6b031c0c5207b19918913b57e0d
SHA1

c9856b91a671619302799d166875cfda119fb121
SHA256

0432dca5d3f8623103c1e112f052a4ed7990d550b029c445858ffc94a9abe65b
SHA512

3eb79e807c5a8ecda39d8da9591bef48d7db49004ad052c6e2e4a53d922cd97d2ded480c04d5397b946f9a0bc5944d2a45dc026fe35919e0c9aa63715b47095e
SSDEEP

49152:VDMkyxtSYe6vWnyXkeC9TDVG2wl9Bs1DIN1BWWh7PbCpoV0pX8o7mQuzg7pVa1GV:Gky33e6+nmCts2cBN5Cpc0986wqm1gt1

Score

7^/10

Malware Config

Targets

- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataAdapter.ps1
- Size
  
  167KB
- MD5
  
  69f6124df57a8ef2ea208e3fb357d5e6
- SHA1
  
  1ac378e2c6d166dd242d7e94ebd1b149684cdd19
- SHA256
  
  04f67ace87fce03e811a73d893b600f91aa1eca385fe96c38a1f69e6f69ac58d
- SHA512
  
  006b423ec673b8274857a70b2bcc860d8a4d141c46ac29e322a8db932c0ac7561bd348a3801258d856aec833633c23b182300e6cdc54b1e0f0aa807cf5e19920
- SSDEEP
  
  1536:3nFjI/lEAvZQgVBFgV5wZcn2qMRM00x4H0kRi7DxEikx8UkZd:VDd
Score

1^/10
behavioral1 behavioral2
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtils.psm1
- Size
  
  19KB
- MD5
  
  b8907f15b686a4806a68a01e29e1c529
- SHA1
  
  5090f22bb9c0b168c7f5e9e800784a05afccbc4f
- SHA256
  
  9ea4bd3d8fb8f490e8099e0412f091e545af028e3c4caf179324b679124d1742
- SHA512
  
  5d064df15eea9357af29e3b9b4d0b659c2d7396b1048aaf505eccdb4087144d8b820534832aedffe0b883dc7021ca9994fd4d0923e0fb355121b5aecf142bd21
- SSDEEP
  
  384:JuRi0DcnIF6Dr87gOvif0xYxMZjOSdhsElQFDEoC6DrAmKltIEex7n+Z1uMAKKsV:digOvif0OxMdOSdhH88QS
Score

1^/10
behavioral3 behavioral4
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataUtilsHelper.ps1
- Size
  
  50KB
- MD5
  
  9bfe41ea0fe8c57286d256feca46012b
- SHA1
  
  a920d0706fcea648d28638e9198bcc368996b8fd
- SHA256
  
  0d905709ab1174f8e12a063f259a52dabe85caeb8018985f5411f1ce9c6c99c3
- SHA512
  
  3d1a024892d5609f4e62e3ac2532cdc2f329ebedb589bc3cf6995f5b1faa376e25a6f4743b9aa987e3bda9af927a29c4bdf8a69b689e869da176b22dbdced2c6
- SSDEEP
  
  384:L9lIYb/1AgQ/nrfibtuXk1CWsX5KN9vusSRHjZgsx0Byn/LwfxwXTKJzu7wLSdVn:L9lIqQuOEGM2gyQ6d7InPr83nJ
Score

1^/10
behavioral5 behavioral6
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.PowerShell.ODataUtils/Microsoft.PowerShell.ODataV4Adapter.ps1
- Size
  
  107KB
- MD5
  
  42051ae4347f7f87b05439def05da3bd
- SHA1
  
  4951d34ef048ed8c69c33623c39f5ad5dc6d1136
- SHA256
  
  707bc293d8eb5aeaa23cb6a3c513a63dee7759ccba1471e7a3058948c1c1b074
- SHA512
  
  06e6a449eb64c9bdcd8b0b5d34ec85c5dab2ac0ac8cebd3f54ba8591a3236532ba119480262c95fb67df1a473f539c598613c2a0eefb879e9bf50efa8c9bf325
- SSDEEP
  
  1536:VQZY4yPbyb/1DLfFDWhIHMH8LaLyhYL/GMB:6L/1whSAvn
Score

1^/10
behavioral7 behavioral8
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/Microsoft.Windows.Bcd.dll
- Size
  
  36KB
- MD5
  
  f080c599ec7251581528b939a5993236
- SHA1
  
  d36161e30e0fd1fc2a2b702d3f1faf99596d0bd0
- SHA256
  
  410bbf9561fb2c9ef5a3b7c645b5b413a3da334c6cccb703c010761e82938930
- SHA512
  
  ba669a9c5fa528e694841da78a4a7a2142d16589a31280b115d8f7b5b030e6c2cdc7f06d1f7a9e6610db5fc5422bc32c9696c05737c83a4b7d031abd03954ca0
- SSDEEP
  
  768:EnQjf1TqzfdJHBJe2J7XR4Q99VkFB7bNBcqrraj50L7iPOBM:EnQjf1+zfPBXR4QB8bNbrWj50CPL
Score

1^/10
behavioral10 behavioral9
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/en/Microsoft.Windows.Bcd.Cmdlets.Resources.dll
- Size
  
  14KB
- MD5
  
  01279c556a7d8898b20bdf53dd0ac141
- SHA1
  
  6f57d99a6f65783f1c0dc84cf1e144503876acbd
- SHA256
  
  99fba182d525e185cceebdf7340733898f64db9827ba78bfc6d4b54b9edcbe08
- SHA512
  
  acb5d39ea4f838a0939b7eb1bf5df7aafeae34a1d1adc9c364d220755a59086417e4fd6d97c5002795c8b9628274110bed1b5065f6e66cf3e0cf37a45088c1c7
- SSDEEP
  
  384:XpUa4s+d9nvxbr801xcsUI9I9EJOYUW59XgW:ZUa4Pbr801xcnI9I9AR
Score

1^/10
behavioral11 behavioral12
- Target
  
  WindowsPowerShell/v1.0/Modules/Microsoft.Windows.Bcd.Cmdlets/en/Microsoft.Windows.Bcd.Resources.dll
- Size
  
  4KB
- MD5
  
  9073a600e5cf48294030bccd62607b9f
- SHA1
  
  b44249b7082c9d97d56cf71a0d2f155f4f2a9535
- SHA256
  
  8d993e0af78c2d3e85c3793df2674f531fa3bb3cf7c698b88201de358c24663c
- SHA512
  
  d3430abe1568e68f0c61341936379f1fb272850c205a2ad8457230d69dacb7025a04caff232b3fac44db8005ca9564df130a996fd9a169c3bbf700404958f61b
- SSDEEP
  
  48:69vRsHZlvI0mef7b138nw1bzbAbITPhOyXAuoZWSVci5Wqg:es7vI0meRfX0kTp9kWZCW
Score

1^/10
behavioral13 behavioral14
- Target
  
  WindowsPowerShell/v1.0/Modules/MsDtc/TestDtc.psm1
- Size
  
  25KB
- MD5
  
  9d37d2fe10f3c1f16931ab4b691133bb
- SHA1
  
  415e23c3cfa584b348a9eebf6537870bdb3a4d44
- SHA256
  
  b548f01cd3a09293cfb7820aad0cd1b715710840850efdb78b2744ed2a734ba8
- SHA512
  
  760e8d956dd096890e08ca962e41069c3f3225a912d2577de3b5394ccc3e9558139b37d277060073cc29456fff8a37c112e32ba5a158cf0541305bdc372b20b8
- SSDEEP
  
  384:X6SKl6lfTObCC/sgIl3Q8d4lPunQPQ/GUL1rfmav:K7sN6bCC/25nnQPQ/1v
Score

1^/10
behavioral15 behavioral16
- Target
  
  WindowsPowerShell/v1.0/Modules/MsDtc/en/Microsoft.Dtc.PowerShell.Resources.dll
- Size
  
  13KB
- MD5
  
  e4df90972e425f0a0cb22cde25306d73
- SHA1
  
  1f8bfa94def88b2680fcdd33a12a49feacf92dc3
- SHA256
  
  35f74d9c4b991c40f7d786ac334f5fbc9a5f043355d49a6630af7ae02c76f9dd
- SHA512
  
  ddf6ee3a1fd33eb7243798abdddcec8e4ba4f34b3bfc28a03d3ca76f61b63140bdd8d5dad793ef56477d9810fae3b408887914bed3d321d1178e1f727b7066eb
- SSDEEP
  
  192:uW4FXXQgxR0L/Vzd73oX0i/6L/TyFegtqgUGkpsmwWbVKW:uXFdRcdzp3oX0iUwolps/WbVKW
Score

1^/10
behavioral17 behavioral18
- Target
  
  WindowsPowerShell/v1.0/Modules/SmbShare/SmbScriptModule.psm1
- Size
  
  8KB
- MD5
  
  a2c239dfae261e44f9de4cb7b687a119
- SHA1
  
  cc620907f18ad1219645ed4b8496cae48d2f857b
- SHA256
  
  a13eabc75b65e7dc8f69f94ad5883a09a518bd85d892f8f75c58e912d7923cda
- SHA512
  
  897b541c154f4154bc66196338b1bba653fdd978c022d0f11b37fdc6fba33369b16f3330ae9910a970885fa13792ad936909fc4e0a689f96b6cdc8f351179086
- SSDEEP
  
  96:ex+GSox0OwBxCrrYxup8LlYUa18LVa8J68Lk5Sqdkc6s1XwKTSwG48ilwiHIHCER:Q+y0OwvCeu+lYYVaSJq3fcf4bwdkW
Score

1^/10
behavioral19 behavioral20
- Target
  
  WindowsPowerShell/v1.0/Modules/TLS/tls.psd1
- Size
  
  793B
- MD5
  
  5900ae7e763a70e2e9b2b40529d3cd33
- SHA1
  
  cf927f3f5fc7b4146169578b8fd24eafa4fbf668
- SHA256
  
  df52555aabedfcf58abc81501527a86aad84c3316bce65414b0de00cc09949dc
- SHA512
  
  d2e1141e5504f3c976ce607088368ee72d96aa6aeba8736a665f1154c285725e5e741e51657ea2cc9182f1296eef4536cfff337f96c8c2e3dd242c1596341203
Score

1^/10
behavioral21 behavioral22
- Target
  
  WindowsPowerShell/v1.0/Modules/UEV/UEV.psd1
- Size
  
  1KB
- MD5
  
  8a30691397357c37b642b6083bd68e8f
- SHA1
  
  6bd0dd6950cbc497e4c4e7776ac157c1f080147f
- SHA256
  
  cbc69fbe452b1d1362095a8020d4478cc8bd67d98246f003a5518ebd88b37395
- SHA512
  
  7a9b8070e5bd297a7d6414cc80c1ddeff36e534ae7892aa4d463fcd3edf66305fc4c75e6c8e71e502b2e91908a3c4a03e10511b27f16dca7789b257fd50d18b2
Score

1^/10
behavioral23 behavioral24
- Target
  
  WindowsPowerShell/v1.0/Modules/VMDirectStorage/VMDirectStorage.format.ps1xml
- Size
  
  2KB
- MD5
  
  bc6ce0f52536b4253fe9c8620f8f34a3
- SHA1
  
  705774934a56d1343e237f672f088450333bda3d
- SHA256
  
  e9755fc8c1f065e111561c5fe0a88cd09c13dab00132aaef8c98b8cc8c854c39
- SHA512
  
  1fd2bb944e243643d27db0d8f1189b35351714bd20d115412c5c7d5ac710bc178d7f27e15a59106277b01c1688af9dcbdf637e002ae4ea148ad00ca8a2382f7d
Score

1^/10
behavioral25 behavioral26
- Target
  
  WindowsPowerShell/v1.0/Modules/VpnClient/PS_VpnConnection_v1.0.0.cdxml
- Size
  
  28KB
- MD5
  
  5316a9a9dd734aad904b7b53f3a5f7a2
- SHA1
  
  370ddd90e10b89e8149527c01859e79e4f079e02
- SHA256
  
  784191dcc63f1faacb881a14e3e6c3b2fd95871d2ad91543c9e590650b1866ad
- SHA512
  
  3ccd08c42cbddc67cb17c61304c30e64b3e0efa165fb1bbc1774dbb4ddb9172dc219f4e03b4b552c51425ee1dd91324311d7a0e50789fb1f6f38120d135c27d4
- SSDEEP
  
  384:SDV1DhuD5V1DODLDtD2DbDGDtD5iJD5pDNCDV1DODLD2DtDGDODaD3XDZHDtD2Dc:wsCQAbw
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral27 behavioral28
- Target
  
  WindowsPowerShell/v1.0/Modules/VpnClient/PS_VpnServerAddress_v1.0.cdxml
- Size
  
  1KB
- MD5
  
  f45547e60663d7b4bc02a4182fda841d
- SHA1
  
  a0a2bbdcd7f33e988115c588bd77fa80c3de7456
- SHA256
  
  71813b448a93a70d846dee293ebee26d0f3d75d2601c96e8a25a954857045622
- SHA512
  
  c78478485365d87e89f523615fbcbdcb3882e1795ad07cdbaa4e6730c3f0f02201bbe956e4686d060922bfea7793fa1599963ab447a329ca17dc4a8062610a69
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral29 behavioral30
- Target
  
  WindowsPowerShell/v1.0/Modules/VpnClient/VpnClient.psd1
- Size
  
  1KB
- MD5
  
  fe0d2479593ef3e9a22171335b248566
- SHA1
  
  0c0e19f289c12c115f3a87e3788d85210a52881c
- SHA256
  
  7fe7ccdd9c3311513f031317f7e2fbf8c707d8be0bcf3e3e1e46d318959fa9ed
- SHA512
  
  4410c3be5c4520cf581b1357e0e516e675fcb27c2811a0011559df41bba5665110b73bb15c4086d0f4127cfab7f6a862b1dad42c1bb1c74b3309e7e3d6762e68
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32