fd2c10222bcdde1db8a8bf18c5a8c98c828e5245f4d840f57d77b9f91ee9d772 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

trigger.ps1
Size

206B
Sample

241018-as792ayarn
MD5

6e7306dbcd8896748113d6ca8385e0bf
SHA1

44ddde9ee19bc7eeaa1b8fdc2460936881403995
SHA256

fd2c10222bcdde1db8a8bf18c5a8c98c828e5245f4d840f57d77b9f91ee9d772
SHA512

2c44b1be95cfd547f78a110b8a32f9e1b0eb2334a392ae96517eb9762e99946c09814c4e93fe77b760c26ad0c4400948e4770766574d42f2822c43c59ebc316b

Score

8^/10

execution

Malware Config

Targets

- Target
  
  trigger.ps1
- Size
  
  206B
- MD5
  
  6e7306dbcd8896748113d6ca8385e0bf
- SHA1
  
  44ddde9ee19bc7eeaa1b8fdc2460936881403995
- SHA256
  
  fd2c10222bcdde1db8a8bf18c5a8c98c828e5245f4d840f57d77b9f91ee9d772
- SHA512
  
  2c44b1be95cfd547f78a110b8a32f9e1b0eb2334a392ae96517eb9762e99946c09814c4e93fe77b760c26ad0c4400948e4770766574d42f2822c43c59ebc316b
Score

8^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2