General

  • Target

    script.ps1

  • Size

    5KB

  • Sample

    241110-w2bhba1qgw

  • MD5

    1fd63697dba5c3d63f317d4b8c4962f9

  • SHA1

    130bf0175e8d7774a49f8b98db4c24cd4b008cf5

  • SHA256

    3e52bcd3cb8836e3a896db0eeffce225571cad7b7a2298d9bc5296f50f0d0812

  • SHA512

    a125e84629adf75bb3d55ab34d89db90b03f3bd2a39a568316a6be984248bd8489c2b4646155486ae1d0e75b0bc756b6162f704a61c38fb2f5b5e30a20e5651c

  • SSDEEP

    96:T3jL1tDGHGwHpj6UlyThd6ra7+DqbZ0PqtJPEJrKb8r9JJxnO0tTiF:T3jLjDGHGwJjfyTG2PaqtJPEJrSgJJNA

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa

Targets

    • Target

      script.ps1

    • Size

      5KB

    • MD5

      1fd63697dba5c3d63f317d4b8c4962f9

    • SHA1

      130bf0175e8d7774a49f8b98db4c24cd4b008cf5

    • SHA256

      3e52bcd3cb8836e3a896db0eeffce225571cad7b7a2298d9bc5296f50f0d0812

    • SHA512

      a125e84629adf75bb3d55ab34d89db90b03f3bd2a39a568316a6be984248bd8489c2b4646155486ae1d0e75b0bc756b6162f704a61c38fb2f5b5e30a20e5651c

    • SSDEEP

      96:T3jL1tDGHGwHpj6UlyThd6ra7+DqbZ0PqtJPEJrKb8r9JJxnO0tTiF:T3jLjDGHGwJjfyTG2PaqtJPEJrSgJJNA

    Score
    8/10

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks