8b24e9e9cedaa214ef125bc43217e83a0b46eb7bf759a2ad7c735d5d75ca95c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

continuesurf.b-cdn.net.ps1
Size

143B
Sample

240825-qmapkswepc
MD5

3693d54bc3e0a508eefa28f951cc8e68
SHA1

963018c74563181fb8f60baa032ce8cc018cfd0d
SHA256

8b24e9e9cedaa214ef125bc43217e83a0b46eb7bf759a2ad7c735d5d75ca95c8
SHA512

2528cfdb72a0ba33a34d3ad2bb3632def1d42ff311c6aa723db2e45a5b020a815384b2cc6cfe3eae194916f642dc250b095ec6391f6af4f635b1289d71635f08

Score

10^/10

execution

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://requested-file.b-cdn.net/flare

Extracted

Language

hta

Source

URLs

hta.dropper

https://requested-file.b-cdn.net/flare

Targets

- Target
  
  continuesurf.b-cdn.net.ps1
- Size
  
  143B
- MD5
  
  3693d54bc3e0a508eefa28f951cc8e68
- SHA1
  
  963018c74563181fb8f60baa032ce8cc018cfd0d
- SHA256
  
  8b24e9e9cedaa214ef125bc43217e83a0b46eb7bf759a2ad7c735d5d75ca95c8
- SHA512
  
  2528cfdb72a0ba33a34d3ad2bb3632def1d42ff311c6aa723db2e45a5b020a815384b2cc6cfe3eae194916f642dc250b095ec6391f6af4f635b1289d71635f08
Score

10^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2