General

  • Target

    01944c55c4d7e07f322aa6d6924ec19bb17e1e1a86ff4b0bf9f9281585c73f26

  • Size

    59KB

  • Sample

    240523-nemm3aeb8x

  • MD5

    e416bb6d44ea4144e73d9f6bfd131060

  • SHA1

    2ed98b87a91d9be7b6d18ae9b48a030e06471f00

  • SHA256

    01944c55c4d7e07f322aa6d6924ec19bb17e1e1a86ff4b0bf9f9281585c73f26

  • SHA512

    019de3fa55b192186c254a7e93e36dbfc2a8592170421a54a87edf79cc3d3605236dc7d74c6d32ec0847a27d20dd167fcd0f5011029ed6bfbfbcce0ecd2c1af0

  • SSDEEP

    768:Vmgad+mMT+DhO0PJBlrULJpr0DQwMJFTPE8uY:VkV64BJ4LJUQwMJZM

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://upload.standoff365.info/tubes/tyagi.exe

  The extracted configuration identifies the sample as a PowerShell (ps1) script, and its one URL is tagged exe.dropper: the script fetches an executable, tyagi.exe, from upload.standoff365.info. The full URL, the host and the dropped file name are all usable indicators for this sample.

Targets

    • Target

      01944c55c4d7e07f322aa6d6924ec19bb17e1e1a86ff4b0bf9f9281585c73f26

    Score
    10/10

    • Process spawned unexpected child process

      A parent process that does not normally launch other programs started a child process. This typically indicates the parent process was compromised via an exploit or a malicious macro.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of commonly abused binaries made an outbound network request. For this sample that is consistent with the extracted configuration: the PowerShell script has to reach the dropper URL above to retrieve tyagi.exe.

    • Command and Scripting Interpreter: PowerShell (ATT&CK T1059.001)

      The sample starts PowerShell to run its script.
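
The three behaviours scored above, together with the dropper URL from the extracted configuration, as detection logic run over constructed Sysmon-style process-creation and network-connection events. This is an added example, not the sandbox's own rules and not code from the sample; the parent, interpreter and blocklist sets, the evasive-flag heuristic, the event shape and the sample events are all assumptions made for illustration.

```python
"""Detection logic for the behaviours scored in this report, run over
constructed Sysmon-style events.  Added example: not the sandbox's rules
and not code from the sample."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicator copied from the report's extracted config; the host is what an
# outbound connection from the script would resolve and contact.
DROPPER_URL = "https://upload.standoff365.info/tubes/tyagi.exe"
DROPPER_HOST = urlsplit(DROPPER_URL).hostname

# Assumed, illustrative lists (a real deployment tunes these per environment).
SCRIPT_INTERPRETERS = {"powershell.exe", "pwsh.exe"}
ABUSED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "acrord32.exe", "mshta.exe", "wscript.exe"}
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe",
                     "rundll32.exe", "certutil.exe", "bitsadmin.exe"}


@dataclass
class Event:
    kind: str             # "process_create" or "network_connect"
    pid: int
    image: str            # full path of the acting process
    parent_image: str = ""
    command_line: str = ""
    dest_host: str = ""


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evasive_flags(command_line: str) -> bool:
    """True if the PowerShell command line carries flags droppers commonly use
    to hide the window, skip the profile, bypass policy or pass encoded code.
    Tokenised on whitespace so '-Encoding' does not match '-enc'.  Assumed
    heuristic; PowerShell also accepts abbreviated parameter names."""
    toks = command_line.lower().split()
    for i, tok in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if tok in ("-enc", "-encodedcommand", "-nop", "-noprofile"):
            return True
        if tok in ("-ep", "-executionpolicy") and nxt == "bypass":
            return True
        if tok in ("-w", "-windowstyle") and nxt == "hidden":
            return True
    return False


def evaluate(events):
    """Return (signature, pid) pairs for every event that matches."""
    findings = []
    for e in events:
        name = image_name(e.image)
        if e.kind == "process_create":
            if name in SCRIPT_INTERPRETERS:
                if image_name(e.parent_image) in ABUSED_PARENTS:
                    findings.append(("Process spawned unexpected child process", e.pid))
                findings.append(("Command and Scripting Interpreter: PowerShell", e.pid))
                if evasive_flags(e.command_line):
                    findings.append(("PowerShell launched with evasive flags", e.pid))
        elif e.kind == "network_connect":
            if name in NETWORK_BLOCKLIST:
                findings.append(("Blocklisted process makes network request", e.pid))
            if e.dest_host.lower() == DROPPER_HOST:
                findings.append(("Connection to dropper host from report", e.pid))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

# Constructed sample events: a document opens, spawns hidden encoded PowerShell,
# which reaches the dropper host; a browser and an interactive shell are noise.
SAMPLE_EVENTS = [
    Event("process_create", 4120, WORD, r"C:\Windows\explorer.exe", '"WINWORD.EXE" /n invoice.docm'),
    Event("process_create", 4388, PS, WORD, "powershell.exe -nop -w hidden -ep bypass -enc QQBCAEMA"),
    Event("network_connect", 4388, PS, dest_host="upload.standoff365.info"),
    Event("network_connect", 2204, r"C:\Program Files\Google\Chrome\Application\chrome.exe", dest_host="www.example.com"),
    Event("process_create", 5012, PS, r"C:\Windows\explorer.exe", "powershell.exe Get-Content log.txt -Encoding utf8"),
]

if __name__ == "__main__":
    for sig, pid in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {sig}")
```

Run as a script it prints one line per finding. The interactive PowerShell launched from explorer.exe (pid 5012) still triggers the PowerShell signature on its own, which is why the sandbox scores that signature only in combination with the others; the Word-spawned, hidden, encoded instance that then contacts the dropper host is what makes the chain worth a 10/10.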

MITRE ATT&CK Enterprise v15

Tasks