General
-
Target
script.ps1
-
Size
5KB
-
Sample
241110-w8t81awjal
-
MD5
a113b2d31b132701324ec45132fc05be
-
SHA1
0800a738b3e805daab2d475ae58bbd824c8562a0
-
SHA256
b9f196093014f22efaba3c5c91f5fd257ef29b7cd8633c18a38e2bca4069f159
-
SHA512
9de7563bb3d4234d5631060f2e1bd0844859b108770cde43b9901d4dcace190e4344b0355d667b9e748beb5fa9a5a95262bcd5d911d256c54dc90ab209b3293d
-
SSDEEP
96:Twm7jL1teaW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8v:T57jLjDWYoM3LbRRveO4JXnrJxQpu8fs
Static task
static1
Behavioral task
behavioral1
Sample
script.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://discord.com/api/webhooks/1305238833092231299/9D_IvtCO1zqIjm9lUvYi8PZH6nBEc-aV791DJEvYK3G01uixxzauUJy_1pBV3gOB0KZj
Targets
-
Target
script.ps1
-
Score
8/10
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-