ee6befd786245ecd99519272a1c0682acc15fc1fe1fb3012321684b57e1ef2dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

triage.ps1
Size

472B
Sample

240713-zc5awaydjh
MD5

abbee08715a8469fa6e4b2a8d5d76db7
SHA1

e5b98cac4834cf8f7e47a99e3ffde1b234959e7a
SHA256

ee6befd786245ecd99519272a1c0682acc15fc1fe1fb3012321684b57e1ef2dd
SHA512

2db9de7fd4f277e20265039079fbca74c9d2817dbe5abed892bb0b910fb3dcc5fefc251d22026bfaa8b839056461c50b0c12769aba491bea473f9fa9b329320f

Score

8^/10

execution

Malware Config

Targets

- Target
  
  triage.ps1
- Size
  
  472B
- MD5
  
  abbee08715a8469fa6e4b2a8d5d76db7
- SHA1
  
  e5b98cac4834cf8f7e47a99e3ffde1b234959e7a
- SHA256
  
  ee6befd786245ecd99519272a1c0682acc15fc1fe1fb3012321684b57e1ef2dd
- SHA512
  
  2db9de7fd4f277e20265039079fbca74c9d2817dbe5abed892bb0b910fb3dcc5fefc251d22026bfaa8b839056461c50b0c12769aba491bea473f9fa9b329320f
Score

8^/10

execution
- Blocklisted process makes network request
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3