General

  • Target

    2dad4b0d2557af1cadd3c7cb8e06f37c767c6565d2ec598a116a3063b92b0420

  • Size

    596KB

  • Sample

    241023-bkf19avhkk

  • MD5

    6073b84bbdc3b910df55b8b42a16ab65

  • SHA1

    28c95e7d8f2fa7dee552bcc190b7ec6aaa9ea9f3

  • SHA256

    2dad4b0d2557af1cadd3c7cb8e06f37c767c6565d2ec598a116a3063b92b0420

  • SHA512

    1392956610ded25dc8e5ca50c5a15218e3a2ecdc12314ae7bf0313a47dd35c2ead7aba74fc7381542c2e107b547bbef23f9be1ea8ff653b3da1e1f951485a50d

  • SSDEEP

    12288:JJRTchjxyfDF5NYzNewgU8mLQobusNRO+IXbpwOjMbR6I6EfjOvCxicvG:JJp4j2FYReBm9bpNROtgt6zErkC7vG

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs:

  • ps1.dropper

    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

  • exe.dropper

    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks