General

  • Target

    ea2ca4b289651f3b3414469ad106954407822ae10ae2a4ff08d35dadbf1f5f09

  • Size

    30KB

  • Sample

    241103-zv9nbaxkdk

  • MD5

    347bea8e71a1fb34fe6c1f48cb77cef9

  • SHA1

    8c24139f35afccaa2260d05e98a5547fed710527

  • SHA256

    ea2ca4b289651f3b3414469ad106954407822ae10ae2a4ff08d35dadbf1f5f09

  • SHA512

    a62f5088f7f2fcb8006902f32e8086bde72c199ee905ffd884f88fc60f3815e1c05a33aeff748a6533404fe8536c1371255c65e61719fd1120365d4d7d1f804f

  • SSDEEP

    768:kK1Tgbyw3sz2jyngov9rjXjBCKTUAuulFFzqFVOp46msi:kK1Tgbyw3sz2jyngov9rjXjBCKoAuulQ

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://127.0.0.1:8000/arquivos/windows.txt

Targets

    • Target

      ea2ca4b289651f3b3414469ad106954407822ae10ae2a4ff08d35dadbf1f5f09

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15
