Overview

overview

10

Static

static

1

run.txt

windows10-1703-x64

10

Resubmissions

04-09-2024 20:23

240904-y6m31sxajd 1

04-09-2024 20:18

240904-y3acravhmj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    run.txt

  • Size

    227B

  • Sample

    240904-y3acravhmj

  • MD5

    34a8172dd92f06c10aa22d52a421f8fd

  • SHA1

    e946fa378b75999d907db6748f1c046497a24358

  • SHA256

    7292508096e70698ee91b7a7bf82f8834933e805824d0a18bc892bd3afaadde4

  • SHA512

    5b4cb796e6adcbe0fa9385bb67a8437af88226d969cebc091582338cdfb7654945605ed82d914f89283a9e70b3e6b157d63dd8c341feddf792f00ce82feccb8e

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://www.revshells.com/Python3%20Windows?ip=following-intersection.gl.at.ply.gg&port=35259&shell=powershell&encoding=powershell

Targets

    • Target

      run.txt

    • Size

      227B

    • MD5

      34a8172dd92f06c10aa22d52a421f8fd

    • SHA1

      e946fa378b75999d907db6748f1c046497a24358

    • SHA256

      7292508096e70698ee91b7a7bf82f8834933e805824d0a18bc892bd3afaadde4

    • SHA512

      5b4cb796e6adcbe0fa9385bb67a8437af88226d969cebc091582338cdfb7654945605ed82d914f89283a9e70b3e6b157d63dd8c341feddf792f00ce82feccb8e

    Score
    10/10
    execution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks