b96bf4c976b7f51f77cba5d03b37b95bfcdc6e30d42f024d3598f5d32e7c1fc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

trigger.ps1
Size

285B
Sample

240420-wq8zfaec77
MD5

d20d84eeb771210b03fe7587fdf0bec2
SHA1

6efaaae77cb5eb3819abd4cd8038f5c81d7da769
SHA256

b96bf4c976b7f51f77cba5d03b37b95bfcdc6e30d42f024d3598f5d32e7c1fc4
SHA512

bebad2176ad8e25e3649dca1f2c445a98ab9242610630543c93a3294b3d9b5ab18b5bc3eb274932e32372d04a1d3c773b06eaf32d5c4ce49290dd44acf2d0d52

Score

8^/10

Malware Config

Targets

- Target
  
  trigger.ps1
- Size
  
  285B
- MD5
  
  d20d84eeb771210b03fe7587fdf0bec2
- SHA1
  
  6efaaae77cb5eb3819abd4cd8038f5c81d7da769
- SHA256
  
  b96bf4c976b7f51f77cba5d03b37b95bfcdc6e30d42f024d3598f5d32e7c1fc4
- SHA512
  
  bebad2176ad8e25e3649dca1f2c445a98ab9242610630543c93a3294b3d9b5ab18b5bc3eb274932e32372d04a1d3c773b06eaf32d5c4ce49290dd44acf2d0d52
Score

8^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1