General
Target: script.ps1
Size: 5KB
Sample: 241110-w2bhba1qgw
MD5: 1fd63697dba5c3d63f317d4b8c4962f9
SHA1: 130bf0175e8d7774a49f8b98db4c24cd4b008cf5
SHA256: 3e52bcd3cb8836e3a896db0eeffce225571cad7b7a2298d9bc5296f50f0d0812
SHA512: a125e84629adf75bb3d55ab34d89db90b03f3bd2a39a568316a6be984248bd8489c2b4646155486ae1d0e75b0bc756b6162f704a61c38fb2f5b5e30a20e5651c
SSDEEP: 96:T3jL1tDGHGwHpj6UlyThd6ra7+DqbZ0PqtJPEJrKb8r9JJxnO0tTiF:T3jLjDGHGwJjfyTG2PaqtJPEJrSgJJNA
Static task: static1
Behavioral task: behavioral1
Sample: script.ps1
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa
Targets
Target: script.ps1
Score: 8/10
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.