6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a | Triage

Resubmissions

02-10-2024 03:28

241002-d1ty6avejr 10

02-10-2024 03:25

241002-dym3tsvdlk 10

Sharing

General

Target

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs
Size

504KB
Sample

241002-d1ty6avejr
MD5

73116ddf40456b41c6b35023bc02e781
SHA1

037b869900d0474bf7603b8fbe3401f517f52117
SHA256

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a
SHA512

f60cbe6234371aacd3f42f87db8ea04cc3b982d9c356db5a1e0fa3959268c0aa8e78e4c059feac1619348a3453e55c3386e096812d2a4a6d61aca5cc99007be3
SSDEEP

12288:VS57Wp1MYi6qsGrA2OGLmeq0wM/l1d0FUvoExHRbb4XJb7q5cPT+EmJu6X:VC6X0T5VnpJ4Za

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

exe.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Targets

- Target
  
  6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs
- Size
  
  504KB
- MD5
  
  73116ddf40456b41c6b35023bc02e781
- SHA1
  
  037b869900d0474bf7603b8fbe3401f517f52117
- SHA256
  
  6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a
- SHA512
  
  f60cbe6234371aacd3f42f87db8ea04cc3b982d9c356db5a1e0fa3959268c0aa8e78e4c059feac1619348a3453e55c3386e096812d2a4a6d61aca5cc99007be3
- SSDEEP
  
  12288:VS57Wp1MYi6qsGrA2OGLmeq0wM/l1d0FUvoExHRbb4XJb7q5cPT+EmJu6X:VC6X0T5VnpJ4Za
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution