General
-
Target
randomscript.ps1
-
Size
1KB
-
Sample
240601-2rysrahf3t
-
MD5
322d6110a033d0aadfc40c14b8668fc7
-
SHA1
810a4c158b6016c990ac9653e89a6e9af79d578c
-
SHA256
22b607cba20413cd4363dd69d04d7ecda694ce3cf514f965a74c3605c7793248
-
SHA512
8e7c57e67c61ef9480f29232015a375718ae4defcf2603069da297dac0e4c4792f2f95371fda521c7fae8e077d38bdb34c5169d9fddc45064b37488a1d5e0699
Static task
static1
Behavioral task
behavioral1
Sample
randomscript.ps1
Resource
win7-20240221-en
Malware Config
Extracted
https://drinkresources.rest/df/data.zip
https://stats.drinkresources.rest/post.php?status=2
https://stats.drinkresources.rest/post.php?status=3
Extracted
lumma
Targets
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-