d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6 | Triage

Sharing

General

Target

d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6.ps1
Size

1KB
Sample

240904-cs3ewstcjq
MD5

506ab5ff15cbec266b783816aca9f5d0
SHA1

761fe13954ee140c3a32a058ca7654a3a6090a02
SHA256

d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6
SHA512

b8680737d8afe1dd1fff2a6ca919630c033cb5b7233a5f2bfebf7b629f28f341ffd4eb47b2a14df5d56b21187107c8fdf79fc7d93ace39891571108ca51aeece

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://207.154.255.134:8443/ZIen7RH/1zFNrVrn0

ps1.dropper

http://207.154.255.134:8443/ZIen7RH

Targets

- Target
  
  d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6.ps1
- Size
  
  1KB
- MD5
  
  506ab5ff15cbec266b783816aca9f5d0
- SHA1
  
  761fe13954ee140c3a32a058ca7654a3a6090a02
- SHA256
  
  d6513550cc5256ece6007aeafe9d39c4cda4c8ccab2daebe5c48d0583e1b02f6
- SHA512
  
  b8680737d8afe1dd1fff2a6ca919630c033cb5b7233a5f2bfebf7b629f28f341ffd4eb47b2a14df5d56b21187107c8fdf79fc7d93ace39891571108ca51aeece
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2