1581804de8f5a5e4d6e0c0a6df326992b874d4d55c4c4d5e795c80f6f1c4c0ad | Triage

Sharing

General

Target

226901160125394.bat
Size

521B
Sample

240701-s6nfwssanm
MD5

e7bb44f7a40faf04de6eef414aeaac68
SHA1

feab06aa47a6b34a30085726103a58ea2d6ccf77
SHA256

1581804de8f5a5e4d6e0c0a6df326992b874d4d55c4c4d5e795c80f6f1c4c0ad
SHA512

3553e5a1fa4349a75aa0a4a61c833be8ae9d6fa10b3c4da49771e845938585fbd376277f976ff24ad91439be1f32d11ce6270761d7851a959903a6be575a0009

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://94.177.244.107:3000/miner

Targets

- Target
  
  226901160125394.bat
- Size
  
  521B
- MD5
  
  e7bb44f7a40faf04de6eef414aeaac68
- SHA1
  
  feab06aa47a6b34a30085726103a58ea2d6ccf77
- SHA256
  
  1581804de8f5a5e4d6e0c0a6df326992b874d4d55c4c4d5e795c80f6f1c4c0ad
- SHA512
  
  3553e5a1fa4349a75aa0a4a61c833be8ae9d6fa10b3c4da49771e845938585fbd376277f976ff24ad91439be1f32d11ce6270761d7851a959903a6be575a0009
Score

10^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3