cfafc9b2d6cbc65769074bab296c5fbacc676d298f7391a3ff787307eb1cbce0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x.ps1
Size

281KB
Sample

240727-ax4gmsybkf
MD5

4fef7578494c3f065010b234da9e6d23
SHA1

715fda02ba7203162aee4f3a31cbb04f48f53e40
SHA256

cfafc9b2d6cbc65769074bab296c5fbacc676d298f7391a3ff787307eb1cbce0
SHA512

0e120078a74d43176a1959b7158408dedfef6afb8189852d28fcbc8ff30ac07825d7fd2d6bf957089115bae7a1cffadef39fba412b5137c969887592b5ae5fd2
SSDEEP

1536:EhqEjSvrxQrgoc7I5eFgT7OQdjdlYG76p/zIOO5Y4:G2vtQrO7I5eFgT7OQd0g6p/NO5Y4

Score

8^/10

execution

Malware Config

Targets

- Target
  
  x.ps1
- Size
  
  281KB
- MD5
  
  4fef7578494c3f065010b234da9e6d23
- SHA1
  
  715fda02ba7203162aee4f3a31cbb04f48f53e40
- SHA256
  
  cfafc9b2d6cbc65769074bab296c5fbacc676d298f7391a3ff787307eb1cbce0
- SHA512
  
  0e120078a74d43176a1959b7158408dedfef6afb8189852d28fcbc8ff30ac07825d7fd2d6bf957089115bae7a1cffadef39fba412b5137c969887592b5ae5fd2
- SSDEEP
  
  1536:EhqEjSvrxQrgoc7I5eFgT7OQdjdlYG76p/zIOO5Y4:G2vtQrO7I5eFgT7OQd0g6p/NO5Y4
Score

8^/10

execution
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4