General

  • Target

    d008327587cb0d38e2c8c50084e6681f14083c8e40110059c14dcf54c86f8707

  • Size

    102KB

  • Sample

    241004-q3873s1frb

  • MD5

    b11e94b7e6664725aa3f119a774c28cf

  • SHA1

    ffe18441c9347fb72c72612a242bcb5b688479d6

  • SHA256

    d008327587cb0d38e2c8c50084e6681f14083c8e40110059c14dcf54c86f8707

  • SHA512

    f32b0a09442c593ba447d72be39ae1b933af18627b7ad5207f0267c9f62a672c29d2a18682bcaf2ea6f5f5827dad220d6fe643b71a0c283c00b794caf15170af

  • SSDEEP

    384:qRmtsvKPJXBSWodGarLaKesiPerSXPOUNyYf4aoG8QyiBuW/A5xpVb+385T77z:EiBBSWoRBzUP9747GxuW/uLb+uT7n

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

    exe.dropper
    https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
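The three behaviours above, together with the code-hosting URL in the extracted config, are exactly what a detection rule should correlate: a PowerShell process that starts hidden, then reaches a legitimate hosting service, then writes into System32. The script below is an added example (not Triage's own signature code) that runs such a correlation over a handful of constructed Sysmon-style events; the events, the process IDs and the extra hosts added to the code-hosting list beyond the one taken from the config are assumptions, not telemetry from this sample.

```python
"""Correlate hidden-window PowerShell, fetches from code-hosting services, and
System32 drops per process. Added example; events below are constructed."""
import re
from urllib.parse import urlparse

# URL from the report's extracted config; its host is the network IOC.
CONFIG_URLS = [
    "https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt",
]
# Legitimate hosts routinely abused for staging. The first entry is derived
# from the config above; the remaining entries are an assumed extension.
CODE_HOSTING = {urlparse(u).hostname.lower() for u in CONFIG_URLS} | {
    "github.com", "gist.githubusercontent.com", "pastebin.com",
}
PS_IMAGES = {"powershell.exe", "pwsh.exe"}
# powershell.exe accepts any unambiguous prefix of -WindowStyle, so this
# matches "-W Hidden", "-Win Hidden", "-WindowStyle Hidden" (case-insensitive).
HIDDEN_RE = re.compile(r"[-/]w[a-z]*\s+h(?:idden)?\b", re.I)
SYSTEM32 = "c:\\windows\\system32\\"

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed events in a simplified Sysmon shape:
# EventID 1 = process create, 3 = network connect, 11 = file create.
EVENTS = [
    # pid 4120: the dropper pattern, all three behaviours from one process.
    {"EventID": 1, "ProcessId": 4120, "Image": PS,
     "CommandLine": "powershell.exe -NoP -W Hidden -Ep Bypass -File C:\\Users\\lab\\AppData\\Local\\Temp\\stage.ps1"},
    {"EventID": 3, "ProcessId": 4120, "Image": PS,
     "DestinationHostname": "raw.githubusercontent.com", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 4120, "Image": PS,
     "TargetFilename": r"C:\Windows\System32\drivers\etc\update.dat"},
    # pid 5208: an admin's visible session, update host, writes to its own profile.
    {"EventID": 1, "ProcessId": 5208, "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -Command Get-HotFix"},
    {"EventID": 3, "ProcessId": 5208, "Image": PS,
     "DestinationHostname": "update.microsoft.com", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 5208, "Image": PS,
     "TargetFilename": r"C:\Users\lab\Documents\hotfixes.csv"},
    # pid 7000: hidden window only, e.g. a scheduled maintenance script.
    {"EventID": 1, "ProcessId": 7000, "Image": PS,
     "CommandLine": "powershell.exe -WindowStyle Hidden -File C:\\ProgramData\\backup.ps1"},
    # pid 6001: cmd.exe reaching GitHub is outside these PowerShell-specific rules.
    {"EventID": 3, "ProcessId": 6001, "Image": r"C:\Windows\System32\cmd.exe",
     "DestinationHostname": "raw.githubusercontent.com", "DestinationPort": 443},
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_powershell(event: dict) -> bool:
    return basename(event.get("Image", "")) in PS_IMAGES


def detect(events: list) -> dict:
    """Return {pid: sorted behaviour tags} for PowerShell processes that
    triggered at least one rule; other processes are omitted."""
    findings: dict = {}

    def tag(pid, name):
        findings.setdefault(pid, set()).add(name)

    for e in events:
        if not is_powershell(e):
            continue
        pid, eid = e["ProcessId"], e["EventID"]
        if eid == 1 and HIDDEN_RE.search(e.get("CommandLine", "")):
            tag(pid, "hidden_window")
        elif eid == 3 and e.get("DestinationHostname", "").lower() in CODE_HOSTING:
            tag(pid, "code_hosting_fetch")
        elif eid == 11 and e.get("TargetFilename", "").lower().startswith(SYSTEM32):
            tag(pid, "system32_drop")
    return {pid: sorted(tags) for pid, tags in findings.items()}


def score(tags: list) -> str:
    """One behaviour alone is worth a look; all three together is the
    hidden-PowerShell dropper pattern described by this report."""
    if len(tags) == 3:
        return "dropper-pattern"
    return "suspicious" if tags else "benign"


if __name__ == "__main__":
    for pid, tags in detect(EVENTS).items():
        print(pid, score(tags), tags)
```

Correlating on the process ID is what keeps the rule quiet on the admin session and on the hidden-but-offline scheduled script: each of the three behaviours is common on its own, and it is the combination from a single PowerShell process that matches what the sandbox observed.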

MITRE ATT&CK Enterprise v15