General
-
Target
xopescobal.zip
-
Size
594KB
-
Sample
241004-cntxyssgqe
-
MD5
a7816e37ca6d24353b6a121a19f89e04
-
SHA1
ee20047063cdd39c5ebc1fe4ba80a93246433c66
-
SHA256
73cfce97f633fc65b66744e894cac0dd0dd2fd02db6f15bff1a89e5076f80186
-
SHA512
7a48c99c92157efbb2fd2f656e56993093a8423f34002e736242bdcc5787eb8be37feb7b7ec31d15877bdd04a3be514416fc97d7c1c6cf144f1ff6287df528f7
-
SSDEEP
12288:A+DyIchjVK74wCo9xBZk9hhcnxh77RpQ/Pkdq6oGh:7D3cyCmZ2cnD7RkPkdhh
Malware Config
Targets
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Diagnostics/Comprehensive/Comprehensive.Tests.ps1
-
Size
759B
-
MD5
37037611b8d8035a889ff01694e0b5fe
-
SHA1
36266741b98e8efc5d68761d722bbad75824dc1a
-
SHA256
1edbabd2ab521a579cf66ae26657bb4c0aa19e37ca5728bca794f54aa6e6fd18
-
SHA512
a05c8b47429cb7ecc7f79a9ac11474d2b182e9a53fd49d49509a657acb959e7770e877eef3873f2a6dd33ae732bf0ada27e0d2eb16f1233a2b255f47ef3d0477
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Diagnostics/Simple/Simple.Tests.ps1
-
Size
384B
-
MD5
bd5f7018096ec0b8e4b92af92d98cbaf
-
SHA1
089db48ee781bd035f0bd6d59d0422c0d969eb8b
-
SHA256
20b58ed17ede1b1d679ded4b23400fb2468455ccf927b6fc88ae0955589e92b3
-
SHA512
66cb22fed91c0a674c6be826dbc61ef2fac41eafecc653e2b1734abf4bc96ce4b0f35639a5ee477fad9804ba1d64e25e96ad2d8cfd89aa025db5f466e1eaf33d
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Microsoft.PowerShell.Operation.Validation.Format.ps1xml
-
Size
3KB
-
MD5
15d1ba4aff790ecc1ca05df9a662672b
-
SHA1
8d5bb275586ff0ba3971a8c60076f936b89627b9
-
SHA256
31b1df552890e3765464c601e402c30c58ba96020794635bc550f2736d325f4a
-
SHA512
5923aafc04260db7ba3d91db7c8c0d3fcbb1cc2a611e1a1dcc9c61ffb176645383b28d3f591986442a462966cd9b15156fcde9a635a6fef23aa23009beae1834
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Microsoft.PowerShell.Operation.Validation.psm1
-
Size
12KB
-
MD5
e963db110505e5ed5e7c23123409ff38
-
SHA1
422ae6a9d6bdb0c09a10d7e4220fa0e070395135
-
SHA256
1c834785aaae074189b7310207ef2aeaf99397d56249892840e20d14b49d8193
-
SHA512
047a6e60cd14c1022b90ea80a3bbaecf630a3b8cdb61cff34aaf014a3147b4e22a883abf7c3b4f81d41f9204f3fb59eedb238f5bc900b23e447efac84748ca46
-
SSDEEP
384:PdFRM3gk/GVedRIOtqtIYpX1WJ2rJ23qChHj32O6pTE:PdAgtIYpXYJ2rJ2aW
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Microsoft.PowerShell.Operation.Validation.Tests.ps1
-
Size
4KB
-
MD5
030135152a7966a4323acd4f065bb925
-
SHA1
a1c3eeef3992e9f5b0b0c3a1057902b98f1c141b
-
SHA256
1c469a57bf49a7995f211c035f244d1fa538424cf2937006b85f20d46cc4a0d8
-
SHA512
f92e905d95e4adac298d755bbe884cc61ab97208dcddc2a74aa18b57bcbc4aba4de1c91037ecc6ac8f2ea59993a11a82169b6928ec6b10d913d2c0d2c0153309
-
SSDEEP
96:7YrzsszsyzsaKzsBHmL46kygP4JLBgLOzsf9zsdhQnnJo9zsQSAzsMvxzsDc:88z5aBHg46kyE4JLB6Nf2dmnnS2QKgig
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example1.Diagnostics/Diagnostics/Simple/Example1.Diagnostics.Tests.ps1
-
Size
241B
-
MD5
af30dcc5efd4c2cfd486789fc8d103d2
-
SHA1
b2c04a08e7050c36ab3962fc6fadb0bae501a484
-
SHA256
85ec948f272eec9bbd24030105548d87b3f697002416ac4692e389d315cdd534
-
SHA512
a1003e5f707892f6f24f6b6bdd9d5f5ef2e340866a8d1d8faea4b5b2d32ae19305a3a29ec5c4fa7dd996b9feaf72887a595d7c37be17782a5bf062688aaf6aff
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example2.Diagnostics/1.0.1/Diagnostics/Simple/Example2.Diagnostics.Tests.ps1
-
Size
241B
-
MD5
af30dcc5efd4c2cfd486789fc8d103d2
-
SHA1
b2c04a08e7050c36ab3962fc6fadb0bae501a484
-
SHA256
85ec948f272eec9bbd24030105548d87b3f697002416ac4692e389d315cdd534
-
SHA512
a1003e5f707892f6f24f6b6bdd9d5f5ef2e340866a8d1d8faea4b5b2d32ae19305a3a29ec5c4fa7dd996b9feaf72887a595d7c37be17782a5bf062688aaf6aff
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example3.Diagnostics/1.1.1/Diagnostics/Simple/Example3A.Diagnostics.Tests.ps1
-
Size
241B
-
MD5
af30dcc5efd4c2cfd486789fc8d103d2
-
SHA1
b2c04a08e7050c36ab3962fc6fadb0bae501a484
-
SHA256
85ec948f272eec9bbd24030105548d87b3f697002416ac4692e389d315cdd534
-
SHA512
a1003e5f707892f6f24f6b6bdd9d5f5ef2e340866a8d1d8faea4b5b2d32ae19305a3a29ec5c4fa7dd996b9feaf72887a595d7c37be17782a5bf062688aaf6aff
Score3/10 -
-
-
Target
kl/Modules/Microsoft.PowerShell.Operation.Validation/1.0.1/Test/Modules/Example3.Diagnostics/2.0.1/Diagnostics/Simple/Example3B.Diagnostics.Tests.ps1
-
Size
241B
-
MD5
af30dcc5efd4c2cfd486789fc8d103d2
-
SHA1
b2c04a08e7050c36ab3962fc6fadb0bae501a484
-
SHA256
85ec948f272eec9bbd24030105548d87b3f697002416ac4692e389d315cdd534
-
SHA512
a1003e5f707892f6f24f6b6bdd9d5f5ef2e340866a8d1d8faea4b5b2d32ae19305a3a29ec5c4fa7dd996b9feaf72887a595d7c37be17782a5bf062688aaf6aff
Score3/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagement/MSFT_PackageManagement.psm1
-
Size
13KB
-
MD5
4073882f5e10d9ed469c77ec1fabdfc1
-
SHA1
5065ce8ec9268e02ca43ab37257ac1e7118e9eed
-
SHA256
bc0dabafd4a88903a8bd3cb092a4f27b8e3c13c3ce9be2070a3de1b204aade29
-
SHA512
47ae50abe66712ea9495abe59d47694191edc7507eaf8cbacfb0034301a6bb01fefc9c5c5bd913667aafd0f698006126d0b04d661232fd98da2a2a567cf69c2a
-
SSDEEP
192:vdTLrRdatR9eyqEZkZfZ7zmW2t9dTLrRdatR9e5VCQBodTLrRdatR9eCVCQBhkZA:fuEZfZMDTYQTAZfZHe
Score3/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/DSCResources/MSFT_PackageManagementSource/MSFT_PackageManagementSource.psm1
-
Size
23KB
-
MD5
3ea5d59d6375074e7dd5098f5be15e88
-
SHA1
3e3da37b8ec77e82c66eef24cf2998a2c3ac3a42
-
SHA256
8617ffdcd6bf693fcbaaf24f393287bb3832b6df2b84ef15eedaecc964b76195
-
SHA512
a41c229547b08af9b389382c69f909612101b0af04945ad80c18de79b6c0f267f2202208502cdeea37334eca70a01f6a52fc93091b3357615b346efa22a3115a
-
SSDEEP
384:oswsj7wiFjIJEV/DvhbjGMiHwkoFbjOtvOb0sjbNwhFowuFY23oBbL:oYNjWKDv9ibEZ5jh8
Score3/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/DSCResources/PackageManagementDscUtilities.psm1
-
Size
9KB
-
MD5
95e2c07d9f6c0f1fc65afb1b15c35bb4
-
SHA1
3751bbef4b6f7148263b24132dc5fb9e603f19c5
-
SHA256
4b7b55a44812c88e44f535e9a40da0061ef87807110deb0a7677eac139a6f960
-
SHA512
f7ba703ceb17382ed1f6a3d3d78bba66d5c57f125735e2338ac0e9ba4adf778570fd2202e6c3e0993b66b78972dffce5c4485d7550f3310b8a37201a3fd8a3c3
-
SSDEEP
192:RVMzjcUtD8fzTuYzn0z1Cn1e2n1uCkzU5AAd0bd3Z25VTt+ZzJ/H820fHXcG4zn:RezLtD8fzTuYz0z0n1zn1BkzUKjZ25Vm
Score3/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.ArchiverProviders.dll
-
Size
69KB
-
MD5
4719849652cb1d2ef9d75432a7336487
-
SHA1
39b4485f8e6d0a51d016a04c7f137cbbcf03ece3
-
SHA256
05ba9c0554d1556135b06ce4c3297eee5203d5638a506fce9be9f52127265c39
-
SHA512
6cdd4dc5f94e74df916ff512a2437e525ad2b6deb61bbe9f7582ad6b8d4b162a12a8f4fefab1ea11c2daf5add3b003ee7284901540d33d9d98cd254657a335cf
-
SSDEEP
768:5xAHNg0HKtVkV8rXJJjm+13rPesrl1Fhaj2r9RvlCuAaDo+Zo1CDm73JLcal8S:nSgPtuarHm+91rlVS8vdDDqWnG
Score1/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.CoreProviders.dll
-
Size
58KB
-
MD5
f5f500f53bf23709c7c1270c6fc388c6
-
SHA1
2f9026580f8a7284775c4e0e1835a27ef9d7f275
-
SHA256
43b52ede904f556ba4bed46fe6b0176f92f40a8b541d731362cabe0de274de12
-
SHA512
17718c020a2f07b8877f6d87aa48c0e4222dac5b8a4b5e731ae75288aa215c2fd5fe0e4e8fceed72354d2eb5f6af7ea19bad65c599190954d3efe519eea3dc29
-
SSDEEP
1536:bKjmffpg0nFlFHnzrjIMp53l0KhpmDQE5h9HNswFqMdW:ujmfbHf/1phpyv5h9HkV
Score1/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MetaProvider.PowerShell.dll
-
Size
66KB
-
MD5
33e5a73df844d392dffa795dc670228f
-
SHA1
b08779d3fec732b53e38ca180824e827bf70618c
-
SHA256
e69402fa0f57cd843805b98c2c0a21e0fcefd2eed7975741238c97a038148ddb
-
SHA512
c83f5da4614cb0e5140c28923498200b14c6d4e5dd47c01581d61eb5bbe9141426d43f358ce069570a86f210378fac9e7be049c3660afde7a3f465620d3f57b5
-
SSDEEP
1536:BCev+l8ZDZxXtGqYawnZRJrj7AUJwlMa1ZoMCKBug6oLSxwp0TTHS:yj7AU2lMsZLhgg6odp0TzS
Score1/10 -
-
-
Target
kl/Modules/PackageManagement/1.0.0.1/Microsoft.PackageManagement.MsiProvider.dll
-
Size
230KB
-
MD5
c9f88f5973cd4c6d54a194f837e3eb1a
-
SHA1
fd7e3037eb36b3d8e5c7ba0310add183aed20aa2
-
SHA256
7b47d17c7aad660a94bc94b2ab500fa794c65f380662abdcf45d7e381511c9fb
-
SHA512
8c4bef7a39d446d6419dc78a10427a98e13f56907b285bd3c75cb41988de9a211d9df1cd54bfe80d1058dc6cc26112673398cbf78e793e9b61dcd465227e0ab8
-
SSDEEP
6144:deRvw1rmAbEcLp2G7KBsDSssnVSj6eFTdz:URi66op/e
Score1/10 -