General

  • Target

    a5957a7de8f7497bb648cf3a0503a9263210ae9234c205736cde899d5540089e

  • Size

    29KB

  • Sample

    240724-1dz8zsybjk

  • MD5

    d3f978173bc8043c0beab30dfc468826

  • SHA1

    d5ece0793223b6ac11df0f7b03dc89ffcd22d6cd

  • SHA256

    a5957a7de8f7497bb648cf3a0503a9263210ae9234c205736cde899d5540089e

  • SHA512

    4282d1eb1af6abdcb6db7fc85254779f2af80682c303ee9ff155df884ccd1bf1347dff2a3648a73cd2a4b85ee91e5bf13d8644cdd2a8374e6d61656a53c1c6c2

  • SSDEEP

    192:RzH2QsZEvA+6/6rNavrgYjk+4bWl+Badnm9JhaVvDtsc50jH2DtxW/PR:RzWSiSwvxjk+t+Brta//50j8t

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http://192.168.166.158/payload.txt

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15
