5fbdfe7519229372ef9d459b5ffdfefdc9c03578a90a84e8f729680bfa3fa228 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ScriptBuzzBuzz 2.ps1
Size

805KB
Sample

240611-kgg9kszhqe
MD5

4bd4a6fc1aae3870c3bb5c106a989da9
SHA1

8d36810464f51f919feb82895c8b20fa8f4b5630
SHA256

5fbdfe7519229372ef9d459b5ffdfefdc9c03578a90a84e8f729680bfa3fa228
SHA512

b4a9b617195daaa9e38f9a41b1fe32641c62282c01bb4eedac79fa58b31656ab5d13b05f92026d65a3e498d3d9172dff7e4efa9d6813097d0ddab2d2fb9922b8
SSDEEP

12288:yZbaVShXGjMH6AQg3KmgOwhS6tfbc8UdMPKBmANURqhd7myrUwdKe2G9Xu0T:yljXDnfaSoSajaMPKBRNUYTmeUbk9Xu2

Score

8^/10

execution

Malware Config

Targets

- Target
  
  ScriptBuzzBuzz 2.ps1
- Size
  
  805KB
- MD5
  
  4bd4a6fc1aae3870c3bb5c106a989da9
- SHA1
  
  8d36810464f51f919feb82895c8b20fa8f4b5630
- SHA256
  
  5fbdfe7519229372ef9d459b5ffdfefdc9c03578a90a84e8f729680bfa3fa228
- SHA512
  
  b4a9b617195daaa9e38f9a41b1fe32641c62282c01bb4eedac79fa58b31656ab5d13b05f92026d65a3e498d3d9172dff7e4efa9d6813097d0ddab2d2fb9922b8
- SSDEEP
  
  12288:yZbaVShXGjMH6AQg3KmgOwhS6tfbc8UdMPKBmANURqhd7myrUwdKe2G9Xu0T:yljXDnfaSoSajaMPKBRNUYTmeUbk9Xu2
Score

8^/10

execution
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2