General

  • Target

    code.ps1

  • Size

    3KB

  • Sample

    240809-m27fbateka

  • MD5

    259ad591b830b483e84b4f995f35838e

  • SHA1

    39be4b78a4f7d7956d21a6917f1687dc77d7847b

  • SHA256

    865c27bc6fd0781cec11c4d0c0797e370a2e88f9db9f9aa25a72de7817a428fd

  • SHA512

    b4eeff16b50c6b0f60fcc21a70b5a95358f8b3399fc6a08576b5e3751489462daf373be789832cefedb73fe07f959c33c499ff9f32b5e6da54f57061140c32ee

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    http://malicious-server.com/payload.exe

Targets

    • Target

      code.ps1

    • Size

      3KB

    • MD5

      259ad591b830b483e84b4f995f35838e

    • SHA1

      39be4b78a4f7d7956d21a6917f1687dc77d7847b

    • SHA256

      865c27bc6fd0781cec11c4d0c0797e370a2e88f9db9f9aa25a72de7817a428fd

    • SHA512

      b4eeff16b50c6b0f60fcc21a70b5a95358f8b3399fc6a08576b5e3751489462daf373be789832cefedb73fe07f959c33c499ff9f32b5e6da54f57061140c32ee

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Drops startup file

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks