8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e

Sharing

Copy URL

Twitter E-mail

General

Target

8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
Size

1.0MB
Sample

241028-wdw44svdjj
MD5

1e2c2fb600bbf50b18d65ba0087da087
SHA1

abdc80373a470bfd44da52e245a5ba453cbc9158
SHA256

8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
SHA512

ed512d11c0e2560072b29352533f6563781cc7ab3978706bfa2180d522715e836b8ffb6bfdfc3b8947644afad993cfa5b87bd8c2932e15ef08856702832ff5c0
SSDEEP

24576:AKnGpZCNOG9vMccFky3gnVQce6XQdi+J72ilgnL6:CpkIG99cFkywReiQ8+J71K2

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://blackrock.com/

Targets

- Target
  
  8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
- Size
  
  1.0MB
- MD5
  
  1e2c2fb600bbf50b18d65ba0087da087
- SHA1
  
  abdc80373a470bfd44da52e245a5ba453cbc9158
- SHA256
  
  8684e74d35baab30e8f8af7db486c2a339d3063feb2074109b8c96c1fea8313e
- SHA512
  
  ed512d11c0e2560072b29352533f6563781cc7ab3978706bfa2180d522715e836b8ffb6bfdfc3b8947644afad993cfa5b87bd8c2932e15ef08856702832ff5c0
- SSDEEP
  
  24576:AKnGpZCNOG9vMccFky3gnVQce6XQdi+J72ilgnL6:CpkIG99cFkywReiQ8+J71K2
Score

1^/10
behavioral1 behavioral2
- Target
  
  LMgwPLLUMYUCMYqNCHLJ.ps1
- Size
  
  5KB
- MD5
  
  13e37ce0c6fd5ca118fca61d6dbbd7c2
- SHA1
  
  2a084d1ef095c30e92283eda758383a83fc3ec19
- SHA256
  
  ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92
- SHA512
  
  34a3aeed8e223987fe511dc74805f47e0d97e10afc46e1b60520dfbb5e7def8803a9e5e116913c5debeffeba7b0d74fc743867534a99f43fc57e16b45285556e
- SSDEEP
  
  96:tPC1x6rjMxSRfmrV9qPpyDgXHPx0aMdPhEaQ0aMdPhEaRv:4fxDVwPwU3Px0NPhEF0NPhE4
Score

8^/10

discovery execution
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  PsfLauncher32.exe
- Size
  
  302KB
- MD5
  
  e005414b82df848717581bd260725b02
- SHA1
  
  6ad75f8152617858d463f36cf4b2ce432e0ad4df
- SHA256
  
  312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
- SHA512
  
  be3d06d2049551e2d5acc3232c6d520236747d53dc49e388c6e616d1f7e1f6f7b6338a4e743773f5461589f2325a8a722af023009cc709f076f51e418382b562
- SSDEEP
  
  6144:Z85jcjnYXSFt8NUBtirDpOzF2akGcoRJKCNWcWAOEOrCng:Z85jedFtOdEF2asjnzrag
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  PsfLauncher64.exe
- Size
  
  370KB
- MD5
  
  bfcb4275530e99a5e3fca4614a645fb5
- SHA1
  
  622421f44db52d39947e8229f7fa44a98339957f
- SHA256
  
  338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
- SHA512
  
  21cab7c56f53305038fa5603720853a38aeddf0dde2e02c9f1d0e83d6dbf9983f755b11a00d487bb8356b0ab69cf9e953a9786cd89e2180b7d428e038271c41b
- SSDEEP
  
  6144:thxzPfoMtkmiZqfrnZSG85YhDFohEUMaWT4I+wKn:tnzPLtbWqDUsNFoOaGKn
Score

1^/10
behavioral7 behavioral8
- Target
  
  PsfRunDll32.exe
- Size
  
  92KB
- MD5
  
  96376177175a1b23a95c6498e9ffb2b5
- SHA1
  
  f9d41e74bf714ed8ba60eac4f99060a5d5f92b26
- SHA256
  
  324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
- SHA512
  
  f792432ac0c675548849ea238934ea84eadc44cd94eb9e2e7859267e20ea18a52a9d562602d96f61c5080e0fa94caa4ef6a41e49bafb670b7dd29e35490b48df
- SSDEEP
  
  1536:IU5eCS6ZrIb3BIh7iCH+E+MteSQ40X/qchNXQDGdl0S6gsWRUchcdesCkwcmSZ0l:/eCh23BIhWCMSQ40XCMNl0F6kesCkwcu
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  PsfRunDll64.exe
- Size
  
  115KB
- MD5
  
  8466f69926a22670dcf6515a4fc3c054
- SHA1
  
  fd7a2d377cce9545fff272905af7016bd512aefc
- SHA256
  
  b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
- SHA512
  
  5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
- SSDEEP
  
  3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score

1^/10
behavioral11 behavioral12
- Target
  
  PsfRuntime32.dll
- Size
  
  368KB
- MD5
  
  a9f0eeb621dd5883258113cc4b490929
- SHA1
  
  3c84cdde573eb0f94865f749d9095940cdef409e
- SHA256
  
  11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
- SHA512
  
  336709007cb4723227f47ff153c99630209995315c8ecbbbe1ca24a48a133ed74ad6e557a123886dbb9a2022c752c67ef7c26524e6a59e8f0e125753a264c2fd
- SSDEEP
  
  6144:gkIVNQKH9HisvT9/taRJ9AONndrKV1UaMCk7KxAOOCyXjmw:gkIVDvT9/t6nAuEMjOxICQjmw
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  PsfRuntime64.dll
- Size
  
  467KB
- MD5
  
  61863b4c1aeefe10d69f54c03d373fd5
- SHA1
  
  4b448f7b4358945b3e9d744d97d6b7c860e5c5b8
- SHA256
  
  495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
- SHA512
  
  f97b69a5567e477ca67ad7f41933b00a57f74bb4f69c01161c17735b8bb35590cf06aff0fafe8308104e9385a0eb808d8735be9a744c8d2d100c9a9ea5f842a8
- SSDEEP
  
  12288:ybYu1g7I2hxD54yFTuWwp6wYcoDvbAfE63U4:qg7I2hZDFTuW/wx+kHU4
Score

1^/10
behavioral15 behavioral16
- Target
  
  StartingScriptWrapper.ps1
- Size
  
  14KB
- MD5
  
  da5bf3010154020db9db4cf8832b42ea
- SHA1
  
  15ba3dc3bbcb16a26839862d79b3519e74a5e03a
- SHA256
  
  7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
- SHA512
  
  d70c6df571a069797f5eb1ac9a3e30293914b8f1378714e97ae0b881ee5a833f0944ee7246e2768ed74747637deade85306e837a25b1757a1bc3abb7d6eaa9e2
- SSDEEP
  
  384:wrBzBV4OHcvFcYlu2V8uMcg5apqpBw2qFA5WFQExxR/c/mZ1:KBr4DSYlu2VzMcgwgBLqJQO/ceD
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  VFS/ProgramFilesX64/PsfRunDll64.exe
- Size
  
  115KB
- MD5
  
  8466f69926a22670dcf6515a4fc3c054
- SHA1
  
  fd7a2d377cce9545fff272905af7016bd512aefc
- SHA256
  
  b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
- SHA512
  
  5be11238923613169a2627b01db76a09b83e8215dd1872f8e96d8f646171bd9e365fa653da221671fd46258f661794b846ed09aa4369b5d55b3ac27f0b96b0e7
- SSDEEP
  
  3072:poN2YAE6yqki92M43MBaxRjn+ryYA/M5sfhew:pgAE6yq0MBBijDM5sfd
Score

1^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20