55c50598980390aa02d1922556972604cacbb6e539875da0f7df844b4ecda07b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

55c50598980390aa02d1922556972604cacbb6e539875da0f7df844b4ecda07b.cmd
Size

2KB
Sample

240524-qc7xbsef6y
MD5

087b783ae909498387c1dd7c397a4c52
SHA1

25cf13ddfe70130fc6e328461283fff804588ad1
SHA256

55c50598980390aa02d1922556972604cacbb6e539875da0f7df844b4ecda07b
SHA512

a300aef3ec1dc819a8419b5cb4c6a9621e38ab1ac613a6a699c1e9d4f73655a6342ac8bfc85c9f4c9fe790282851f51e90ff58c939ad18d0e9f48c52f4ec961e

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe

Targets

- Target
  
  55c50598980390aa02d1922556972604cacbb6e539875da0f7df844b4ecda07b.cmd
- Size
  
  2KB
- MD5
  
  087b783ae909498387c1dd7c397a4c52
- SHA1
  
  25cf13ddfe70130fc6e328461283fff804588ad1
- SHA256
  
  55c50598980390aa02d1922556972604cacbb6e539875da0f7df844b4ecda07b
- SHA512
  
  a300aef3ec1dc819a8419b5cb4c6a9621e38ab1ac613a6a699c1e9d4f73655a6342ac8bfc85c9f4c9fe790282851f51e90ff58c939ad18d0e9f48c52f4ec961e
Score

10^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2