General

  • Target

    9b4b75c09078265dbd0f5438d66f98b09e85921ebd27d1a10af486347b31fce2

  • Size

    31KB

  • Sample

    240724-1fnmza1eqg

  • MD5

    8c86b2b91d5028baf6c3b3cc9880db5a

  • SHA1

    f54d390aa3e2b94f01e57bcbec77ae544999516a

  • SHA256

    9b4b75c09078265dbd0f5438d66f98b09e85921ebd27d1a10af486347b31fce2

  • SHA512

    64cb5d734354037aa3d1ec25af7af558e1b3b71fb6c2e1ded776b4ba14fbd54e1132adf4cf57600f2fcf7928a49fd68fbfe63682e8b2ab24bbc154bf65a88388

  • SSDEEP

    192:lSCuRSZEvAqD4xi6/6ro7eOWVDExMXHlkp8Upcdy2s50jAnTWtTdE7aA:lSrhiSoqONxQ+WQc02s50jA6th6

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://192.168.3.10/rev.ps1

Targets

    • Target

      9b4b75c09078265dbd0f5438d66f98b09e85921ebd27d1a10af486347b31fce2

    • Size

      31KB

    • MD5

      8c86b2b91d5028baf6c3b3cc9880db5a

    • SHA1

      f54d390aa3e2b94f01e57bcbec77ae544999516a

    • SHA256

      9b4b75c09078265dbd0f5438d66f98b09e85921ebd27d1a10af486347b31fce2

    • SHA512

      64cb5d734354037aa3d1ec25af7af558e1b3b71fb6c2e1ded776b4ba14fbd54e1132adf4cf57600f2fcf7928a49fd68fbfe63682e8b2ab24bbc154bf65a88388

    • SSDEEP

      192:lSCuRSZEvAqD4xi6/6ro7eOWVDExMXHlkp8Upcdy2s50jAnTWtTdE7aA:lSrhiSoqONxQ+WQc02s50jA6th6

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks