General
-
Target
script.ps1
-
Size
5KB
-
Sample
241110-wwjxhaseka
-
MD5
53edf2bc3f9c5a3cefdf5d5404e62aa2
-
SHA1
84f415f521420a902f1d796c08c97f5eb20e7d69
-
SHA256
91329c2b186e14fc7264018e1ada7df4b22a7b47fd59d5144b916aa05850f97b
-
SHA512
91b1031bccb4d5c576f0b9061bb054f2cad22a19a4ceed9c747327d9437bc0975073708ed6bbcf24a2c02b52f72540eec8b5b96110bf1a598d3f5f27d5a5c0cd
-
SSDEEP
96:T3jL1XW6VoM3Lb8IRL139temI64JXnBFJYYQHJu8fHDrP8a:T3jLRWYoM3LbRRveO4JXnrJxQpu8fjrR
Static task
static1
Behavioral task
behavioral1
Sample
script.ps1
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://discord.com/api/webhooks/1305222842962677880/RET1goVsb6NqqkFKByr48S9Q7-9hwIHuCA1z1MRogltLQf8iK73DuFJyXXVx9xoCyzoa
Targets
-
-
Target
script.ps1
-
Score
8/10
-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-