d58f4ca5711d50e65517fe450bb495abcfff46ba8f045e2e18ed71ed29449b00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d58f4ca5711d50e65517fe450bb495abcfff46ba8f045e2e18ed71ed29449b00N
Size

17KB
Sample

241002-se5abswemb
MD5

2c0cf659287555ed6446ebc7562e7d60
SHA1

e12c664dc6a5078e4f7f638a2eaebe72752f209d
SHA256

d58f4ca5711d50e65517fe450bb495abcfff46ba8f045e2e18ed71ed29449b00
SHA512

fa36fbfdea0ab4c22ba8b99ca42b5ecb5acc967387267b4a77686008a146cdda53ffae1e2171a0c4fa0f2ac68adf05fa5560deaaf1186c482a6c4b043a19b038
SSDEEP

384:OXQCYdMQ0FnKtSNBseL5RtgsIGU8tjUHWuFGQiCu8p3dou7gLdB6U:nlMQ0JKtp2IsI0ITZF6uOdP

Score

10^/10

execution upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githack.com/i87924hgasdhg/hgytiryty/master/busybox

Targets

- Target
  
  d58f4ca5711d50e65517fe450bb495abcfff46ba8f045e2e18ed71ed29449b00N
- Size
  
  17KB
- MD5
  
  2c0cf659287555ed6446ebc7562e7d60
- SHA1
  
  e12c664dc6a5078e4f7f638a2eaebe72752f209d
- SHA256
  
  d58f4ca5711d50e65517fe450bb495abcfff46ba8f045e2e18ed71ed29449b00
- SHA512
  
  fa36fbfdea0ab4c22ba8b99ca42b5ecb5acc967387267b4a77686008a146cdda53ffae1e2171a0c4fa0f2ac68adf05fa5560deaaf1186c482a6c4b043a19b038
- SSDEEP
  
  384:OXQCYdMQ0FnKtSNBseL5RtgsIGU8tjUHWuFGQiCu8p3dou7gLdB6U:nlMQ0JKtp2IsI0ITZF6uOdP
Score

10^/10

execution upx
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2