General

  • Target

    1.ps1

  • Size

    3.0MB

  • Sample

    241111-144dbsxhkr

  • MD5

    651274c1546db77df07ed4053b70497b

  • SHA1

    2f78e2687f1d0467f1bb0da77433852d44f16d1c

  • SHA256

    6e2338fa2db8bac3ccee6a9bc11e1a233aa4c6b69b830f13700ada24f2cdbd4e

  • SHA512

    f80f93d6f180a6b9f78b957074dd1e4c4817808c6b3560104ecda5ddc59f5f94f9787b65390c9c68adeb23fc3605db659a540d59448ab722eb9122a913d66c49

  • SSDEEP

    1536:S6suWxv26NMxHpJk/NLCtPrLHTgvXHLAXKZice10lsKcB8xm6OnQ1Vi1KfFFzO1H:jxl

Malware Config

Targets

    • Deletes itself

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks