General

  • Target

    script.ps1

  • Size

    5KB

  • Sample

    241110-w8t81awjal

  • MD5

    a113b2d31b132701324ec45132fc05be

  • SHA1

    0800a738b3e805daab2d475ae58bbd824c8562a0

  • SHA256

    b9f196093014f22efaba3c5c91f5fd257ef29b7cd8633c18a38e2bca4069f159

  • SHA512

    9de7563bb3d4234d5631060f2e1bd0844859b108770cde43b9901d4dcace190e4344b0355d667b9e748beb5fa9a5a95262bcd5d911d256c54dc90ab209b3293d

  • SSDEEP

    96:Twm7jL1teaW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8v:T57jLjDWYoM3LbRRveO4JXnrJxQpu8fs

Score
10/10

Malware Config

Extracted

Language
ps1

URLs (exe.dropper)
https://discord.com/api/webhooks/1305238833092231299/9D_IvtCO1zqIjm9lUvYi8PZH6nBEc-aV791DJEvYK3G01uixxzauUJy_1pBV3gOB0KZj

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15