General

  • Target

    2fd415ebb6e49cd4739096ceb648fc2190072a8a1d93cbc34181e1a6dcb3ad5e

  • Size

    29KB

  • Sample

    240629-1q9ceszhrk

  • MD5

    7cbc7205cb5331f5991e3f81dc64321f

  • SHA1

    47e95088e711df9eeff11763f56d09cf687bd9a3

  • SHA256

    2fd415ebb6e49cd4739096ceb648fc2190072a8a1d93cbc34181e1a6dcb3ad5e

  • SHA512

    8aa088f4eb23a929105b9e5040ae853a6fd11ec4a0814eaec30568957ec2df59f244d1d565216ece1dff5bae1fbb3f63ea4add2d71917fda54ae52abbf7929bb

  • SSDEEP

    192:g8iZEvA+6/6rupx+uh9dERlxJTrgpzA0jp4tWWKca:TiSupx+YdE5eA0jyt8

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: http://192.168.45.179/run.ps1

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks