General
Target: script.ps1
Size: 5KB
Sample: 241110-w41vzsvrbr
MD5: 4ea0d3ddf52c65d8aa5ff1b269b69ad6
SHA1: ccaf219e952e7f33c181c797d7306b4f41479f52
SHA256: 7e4f7184c4eddd2a0779320fd79ef05574649dd63add6fb4b7d5a3ccbfa650e0
SHA512: cd3c1f68667323c5c90965bb940931b66297466ef7b0ff0d6b1845df1b29509dcbcdf6feb4b31d13cc96738616fe785f2a3270fb9673aac46eefeee2a9dcd171
SSDEEP: 96:T3jL1teXW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8v:T3jLj6WYoM3LbRRveO4JXnrJxQpu8fjA
Static task: static1
Behavioral task: behavioral1
Sample: script.ps1
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa
Targets
Target: script.ps1
Score: 8/10
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.