General

  • Target

    code.ps1

  • Size

    1KB

  • Sample

    241104-spegnavkek

  • MD5

    2f0ff769b6cbc97ccc7ebb34a271b2cb

  • SHA1

    c9d0bf41f489bca2e47d2764a933d49fdcb997eb

  • SHA256

    9423ede0f6b299fda929ba6f6dba149367c73b90b11f108010f8f1b00775c0b2

  • SHA512

    c79f627565af61cf25a477417566bd49d5a3ce38f6c6883361adee8fb2b7d9e8517197188f1c54eda04b28fd56edcff0765fde7d356bbd63fb2090094afc6cf0

Score
8/10

Targets

    • Target

      code.ps1

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
