General

  • Target

    9cc036b0879d125d24401d0a89743fe5ace701dd6e107ea700f4adddb0238315

  • Size

    29KB

  • Sample

    241103-zt5mzavelr

  • MD5

    ac9318d0e8db68d68897f7b226e17386

  • SHA1

    96a6eadd0779bfbf47b3a1a3a21c6841faa7279e

  • SHA256

    9cc036b0879d125d24401d0a89743fe5ace701dd6e107ea700f4adddb0238315

  • SHA512

    c36009ed76e35a43401b2058060d6d4297a74f7ee98ba580cb4be6725c72b4662d043fcfabe073f3e561aa607835a44bfcca2dc5969777ce557fb0e22f2639a9

  • SSDEEP

    192:5EO0lLZEvA+6/6r8px8SmvowzxHq30wa6Y6P0tPBxV05JB8aY:a/8iS8px8SMDHgBctK5J

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs (ps1.dropper):

http://127.0.0.1:8000/arquivos/windows.txt

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.