Overview

overview

10

Static

static

10

fchar256_stage1.ps1

windows7-x64

3

fchar256_stage1.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fchar256_stage1.ps1

  • Size

    271B

  • Sample

    240511-ntzwyahd65

  • MD5

    0e02d6462245c6882d570cb675678a02

  • SHA1

    3e90fd294e6e10ac0a2939c951144240861e4a58

  • SHA256

    e1958911ca0daefd39f33381ac78e0ae8b9c7252d1091e6b13402f9586f19f3a

  • SHA512

    415834c822e6e4c5140b004f86edd4e3a2024516dafd7db1d6853bd51da28864fe219f6778dd2a06fa2da9e5fd84584c8201da98ad99db47616f8564b1444f95

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://104.214.170.137/fchar256.ps1

Targets

    • Target

      fchar256_stage1.ps1

    • Size

      271B

    • MD5

      0e02d6462245c6882d570cb675678a02

    • SHA1

      3e90fd294e6e10ac0a2939c951144240861e4a58

    • SHA256

      e1958911ca0daefd39f33381ac78e0ae8b9c7252d1091e6b13402f9586f19f3a

    • SHA512

      415834c822e6e4c5140b004f86edd4e3a2024516dafd7db1d6853bd51da28864fe219f6778dd2a06fa2da9e5fd84584c8201da98ad99db47616f8564b1444f95

    Score
    8/10
    execution

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks