General
Target: 1.ps1
Size: 3.0MB
Sample: 241111-144dbsxhkr
MD5: 651274c1546db77df07ed4053b70497b
SHA1: 2f78e2687f1d0467f1bb0da77433852d44f16d1c
SHA256: 6e2338fa2db8bac3ccee6a9bc11e1a233aa4c6b69b830f13700ada24f2cdbd4e
SHA512: f80f93d6f180a6b9f78b957074dd1e4c4817808c6b3560104ecda5ddc59f5f94f9787b65390c9c68adeb23fc3605db659a540d59448ab722eb9122a913d66c49
SSDEEP: 1536:S6suWxv26NMxHpJk/NLCtPrLHTgvXHLAXKZice10lsKcB8xm6OnQ1Vi1KfFFzO1H:jxl
Static task: static1
Behavioral task: behavioral1 (Sample: 1.ps1, Resource: win10v2004-20241007-uk)
Behavioral task: behavioral2 (Sample: 1.ps1, Resource: win11-20241023-uk)
Malware Config
Targets
Target: 1.ps1
Score: 7/10
Signatures:
- Deletes itself (the script removes its own file after running, reducing what is left on disk for forensics)
- Accesses Microsoft Outlook profiles (reads Outlook profile data, a common precursor to mailbox or credential harvesting)
- Adds Run key to start application (persistence through a registry Run key so the payload starts at logon)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP; the report does not name the service.
- Suspicious use of SetThreadContext (an API used by thread-hijacking and process-injection techniques; a generic indicator, not a family attribution)
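The report lists the behaviours the sandbox observed but not the text of 1.ps1. The following added example is not code from the report or the sandbox; it shows how an analyst can confirm a file on disk is the reported sample (using the MD5/SHA1/SHA256 values from the General section) and then run a static pass over script text for the same behaviour classes, including payloads hidden behind `-EncodedCommand`. The indicator regexes, the IP-lookup hostnames (api.ipify.org and the others are common services, not necessarily the one this sample used) and the sample PowerShell lines are all constructed for illustration.

```python
"""Offline triage helpers for a PowerShell sample report.

Added example, not code from the sandbox report. The regexes and the sample
script lines are constructed (assumption) and are NOT the contents of 1.ps1,
which the report does not show.
"""
import base64
import hashlib
import re

# Digests copied from the report's General section; used to confirm a file on
# disk is the reported sample before acting on the report's findings.
REPORT_HASHES = {
    "md5": "651274c1546db77df07ed4053b70497b",
    "sha1": "2f78e2687f1d0467f1bb0da77433852d44f16d1c",
    "sha256": "6e2338fa2db8bac3ccee6a9bc11e1a233aa4c6b69b830f13700ada24f2cdbd4e",
}

# Constructed indicator patterns (assumption), one per behaviour class the
# report flags. Deliberately narrow; production rule sets are broader and tuned.
INDICATORS = {
    "Adds Run key to start application": re.compile(
        r"CurrentVersion\\Run\b", re.IGNORECASE),
    "Looks up external IP address via web service": re.compile(
        r"api\.ipify\.org|ipinfo\.io|icanhazip\.com|checkip\.amazonaws\.com", re.IGNORECASE),
    "Accesses Microsoft Outlook profiles": re.compile(
        r"Outlook\\Profiles|Windows Messaging Subsystem\\Profiles", re.IGNORECASE),
    "Deletes itself": re.compile(
        r"Remove-Item[^\r\n]*(\$PSCommandPath|\$MyInvocation\.MyCommand\.(Path|Definition))",
        re.IGNORECASE),
}

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob of UTF-16LE text.
ENCODED_CMD = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual[alg] == digest.lower() for alg, digest in expected.items())


def decode_encoded_commands(text: str) -> list:
    """Decode any -EncodedCommand payloads; invalid base64 or UTF-16 is skipped."""
    out = []
    for m in ENCODED_CMD.finditer(text):
        try:
            out.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return out


def scan_script(text: str, max_depth: int = 3) -> list:
    """Match indicators against the script and any nested encoded commands.

    max_depth bounds the unwrapping so a deeply layered blob cannot loop forever.
    Returns the sorted signature names that matched anywhere.
    """
    hits = set()
    pending = [(text, 0)]
    while pending:
        body, depth = pending.pop()
        for name, pattern in INDICATORS.items():
            if pattern.search(body):
                hits.add(name)
        if depth < max_depth:
            pending.extend((inner, depth + 1) for inner in decode_encoded_commands(body))
    return sorted(hits)


# Constructed sample lines (assumption): three plain-text behaviours in one script ...
SAMPLE_PLAIN = r"""
$ip = (Invoke-WebRequest -UseBasicParsing 'https://api.ipify.org').Content
New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'Updater' -Value $PSCommandPath
Remove-Item -Path $PSCommandPath -Force
"""

# ... and the Outlook access hidden one layer down inside an encoded command.
_INNER = r"Get-ChildItem 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Profiles'"
SAMPLE_ENCODED = "powershell.exe -nop -w hidden -enc " + base64.b64encode(
    _INNER.encode("utf-16-le")).decode("ascii")

if __name__ == "__main__":
    print("plain   :", scan_script(SAMPLE_PLAIN))
    print("encoded :", scan_script(SAMPLE_ENCODED))
    print("is the reported sample:", matches_report(SAMPLE_PLAIN.encode()))
```

The plain-text patterns only catch what is written literally; string concatenation, format operators or a second encoding layer beyond `max_depth` will evade them, which is why the report's verdict rests on the two behavioural runs rather than on static matching. Treat this scan as a quick confirmation step, and compare all three digests before trusting any report finding about a file you hold.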