General

  • Target

    a04f91673ea0e8e3984a04d2063cb1bfe499b7bd0b7ce5d5674a2870fbbe5039

  • Size

    39KB

  • Sample

    240629-1l23jszgrl

  • MD5

    fbcf39cd96c5a07931aa7e78df4ef17e

  • SHA1

    b2776ef05a089dcb9dbddc93b64e6e20b5b9f0b6

  • SHA256

    a04f91673ea0e8e3984a04d2063cb1bfe499b7bd0b7ce5d5674a2870fbbe5039

  • SHA512

    9b9231604856fd4234ded485bc79fc4850bc668cc7300db61ee91f0aaa0678bdaaf1629970c3a4996a27c7f54839f86879ea4b089e20d2b4c02fd7d297e9a0f3

  • SSDEEP

    384:NiSsqdg1vA96bt3SMbTJvwDQwnejDy/0jRht0Z:v+1o9LM3iRq6

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http://192.168.45.179/run.ps1

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory
