8de9581d99d64252080d4a00bb75660b3d95bd05772556a0f1cb21bb68afa166 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

salak.ps1
Size

1KB
Sample

240903-l43dpstejm
MD5

74516d65d42a0909715cac0691afd1aa
SHA1

58201f8a6569897cf9433fcaef4454e7b1a3d226
SHA256

8de9581d99d64252080d4a00bb75660b3d95bd05772556a0f1cb21bb68afa166
SHA512

65fd8d5863784a9057202ac3813f688a36d9674f7f07983fc7fc87fba7ac8369cec99c59e0ddd63a0ccea0436f18649e08f0d3a329788c858f08f7149c9631ad

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://207.154.255.134:8443/ZIen7RH/1zFNrVrn0

ps1.dropper

http://207.154.255.134:8443/ZIen7RH

Targets

- Target
  
  salak.ps1
- Size
  
  1KB
- MD5
  
  74516d65d42a0909715cac0691afd1aa
- SHA1
  
  58201f8a6569897cf9433fcaef4454e7b1a3d226
- SHA256
  
  8de9581d99d64252080d4a00bb75660b3d95bd05772556a0f1cb21bb68afa166
- SHA512
  
  65fd8d5863784a9057202ac3813f688a36d9674f7f07983fc7fc87fba7ac8369cec99c59e0ddd63a0ccea0436f18649e08f0d3a329788c858f08f7149c9631ad
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2