efabfa6e80a7e6052a8f0b9badf690a680ec247d5eae43eaefa228a503d4c2d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eed116982d3c262a6d5b114d23ba0f70NN
Size

4KB
Sample

240824-xk7d4awbqk
MD5

eed116982d3c262a6d5b114d23ba0f70
SHA1

76165456d1d03b4eb69af945e385ff91e7778f06
SHA256

efabfa6e80a7e6052a8f0b9badf690a680ec247d5eae43eaefa228a503d4c2d7
SHA512

92e84db78cd9bb634726c6f6edb170adb315f8f732185a6cafe061802283b6d9a8ae2f649e803a6f27e643cd8cebf9abcc1129ab26bcdac821b40a170c358048
SSDEEP

96:UzCILwBo/8badHgwlLRm6nzSmaUE8BhMD7wHFn3:UzCILwBo/V59LRbzSBrPwR3

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://mainstream.ngrok.app

exe.dropper

https://ratte.ngrok.app/Main/antivm.ps1

Targets

- Target
  
  eed116982d3c262a6d5b114d23ba0f70NN
- Size
  
  4KB
- MD5
  
  eed116982d3c262a6d5b114d23ba0f70
- SHA1
  
  76165456d1d03b4eb69af945e385ff91e7778f06
- SHA256
  
  efabfa6e80a7e6052a8f0b9badf690a680ec247d5eae43eaefa228a503d4c2d7
- SHA512
  
  92e84db78cd9bb634726c6f6edb170adb315f8f732185a6cafe061802283b6d9a8ae2f649e803a6f27e643cd8cebf9abcc1129ab26bcdac821b40a170c358048
- SSDEEP
  
  96:UzCILwBo/8badHgwlLRm6nzSmaUE8BhMD7wHFn3:UzCILwBo/V59LRbzSBrPwR3
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2