General

  • Target

    YoutubeDownloader.runtimeconfig.rar

  • Size

    300B

  • Sample

    241110-wgcvms1grq

  • MD5

    287897f76448ab20fc3b73f736a5ac83

  • SHA1

    f87828db56277060c7aa018acbe542429d2fdceb

  • SHA256

    6d6bed1f19248b9190ce9af0af60f468fd27e7ca41c47d64fd89442437638f66

  • SHA512

    2e347def910e04ca89236871c4d5749a474e903abd76619400f443abd9eda21e171d5601f402eb2a241f79a3208f44bab85deb67f6d60d601210101c7d9f124e

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    ps1.dropper    https://my-hub.top/update
    exe.dropper    https://my-hub.top/update

Targets

    • Target

      YoutubeDownloader.runtimeconfig.txt

    • Size

      207B

    • MD5

      f86afe6d955daebd739c8ddb82a77235

    • SHA1

      89786c852e7d7585f375e69cc59a03beb66d9bdb

    • SHA256

      ba549043399e09a1c33300b4fa41df8e66bb36980cc6ed948b27f2bf5286d56b

    • SHA512

      d8373de57760e0832d2e25532978ab5f78c710630b4dbdf15284a3abd2f4b3ed36eea0c5457a29cd2d2e921d6e7e167ebafbf00a37832ccdc99ce587751a053b

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Drops file in System32 directory
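The report above lists file hashes, one C2 URL and a short behaviour chain (PowerShell makes a network request, downloads an MZ/PE file, drops it in System32, executes it). The script below is an added example, not part of the sandbox report or the sample: it turns those indicators into a hash lookup and a detection pass over process/network/file telemetry. The hashes and the domain my-hub.top are copied from the report; the log format, the event lines, the path C:\Windows\System32\update.exe and the process names are constructed for illustration and are not taken from the sample.

```python
"""IOC matching and behaviour-chain detection for the sample in the report above.

Added example, not part of the sandbox report. Hashes and the domain come from the
report; SAMPLE_LOG and its format are CONSTRUCTED telemetry, not real Sysmon/EDR output.
"""
import hashlib
from dataclasses import dataclass

# Indicators copied from the report (archive + extracted .txt script).
IOC_HASHES = {
    "md5": {"287897f76448ab20fc3b73f736a5ac83", "f86afe6d955daebd739c8ddb82a77235"},
    "sha1": {"f87828db56277060c7aa018acbe542429d2fdceb", "89786c852e7d7585f375e69cc59a03beb66d9bdb"},
    "sha256": {
        "6d6bed1f19248b9190ce9af0af60f468fd27e7ca41c47d64fd89442437638f66",
        "ba549043399e09a1c33300b4fa41df8e66bb36980cc6ed948b27f2bf5286d56b",
    },
}
IOC_DOMAINS = {"my-hub.top"}  # host of both dropper URLs in the extracted config


def match_known_hash(hexdigest: str):
    """Return the algorithm name if hexdigest is one of the report's hashes, else None."""
    h = hexdigest.strip().lower()
    for algo, digests in IOC_HASHES.items():
        if h in digests:
            return algo
    return None


def match_file_bytes(data: bytes):
    """Hash file content with each algorithm in the IOC set; list the algorithms that hit."""
    return [algo for algo in IOC_HASHES if hashlib.new(algo, data).hexdigest() in IOC_HASHES[algo]]


@dataclass
class Event:
    ts: int
    kind: str      # process | network | file
    image: str     # process that performed the action
    fields: dict   # key=value pairs from the log line


def parse_events(lines):
    """Parse 'ts|kind|image|k=v k=v ...' lines (constructed format, not Sysmon's)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, image, rest = line.split("|", 3)
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append(Event(int(ts), kind, image, fields))
    return sorted(events, key=lambda e: e.ts)


def is_powershell(image: str) -> bool:
    low = image.lower()
    return low.endswith("\\powershell.exe") or low.endswith("\\pwsh.exe")


def detect_dropper_chain(events):
    """Flag the chain the report attributes to the sample:
    PowerShell -> request to the C2 domain -> PE written (System32) -> dropped PE executed."""
    findings = []
    dropped = set()  # lower-cased paths of PE files PowerShell wrote
    for e in events:
        if e.kind == "network" and is_powershell(e.image):
            host = e.fields.get("dst", "").split(":")[0].lower()
            if host in IOC_DOMAINS:
                findings.append(f"powershell_request_to_ioc_domain:{host}")
        elif e.kind == "file" and is_powershell(e.image) and e.fields.get("magic") == "MZ":
            path = e.fields.get("path", "")
            dropped.add(path.lower())
            findings.append("powershell_writes_pe:" + path)
            if "\\windows\\system32\\" in path.lower():
                findings.append("pe_dropped_in_system32:" + path)
        elif e.kind == "process" and e.image.lower() in dropped:
            findings.append("dropped_pe_executed:" + e.image)
    return findings


# Constructed telemetry illustrating the reported chain (not real sandbox output).
SAMPLE_LOG = r"""
# ts|kind|image|key=value ...
1|process|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|parent=C:\Windows\explorer.exe cmdline=powershell.exe
2|network|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|dst=my-hub.top:443 url=https://my-hub.top/update
3|file|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|path=C:\Windows\System32\update.exe magic=MZ
4|process|C:\Windows\System32\update.exe|parent=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
5|network|C:\Program Files\Firefox\firefox.exe|dst=example.org:443
""".splitlines()

if __name__ == "__main__":
    for finding in detect_dropper_chain(parse_events(SAMPLE_LOG)):
        print(finding)
    print(match_known_hash("287897f76448ab20fc3b73f736a5ac83"))  # md5
```

The hash lookup is exact-match only, so a recompiled or re-archived dropper will not hit it; the behaviour pass is the part worth keeping, since it keys on the sequence (PowerShell talking to the dropper host, then writing and launching a PE under System32) rather than on any one artifact.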

MITRE ATT&CK Enterprise v15

Tasks