General

  • Target

    http://kodekthungg.com/go/6818d61d-1f2e-4bc0-a98b-c63669acc41f

  • Sample

    241113-ppg11avpek

Score
10/10

Malware Config

Extracted

    Language      ps1
    Deobfuscated
    URLs          exe.dropper  https://fixedzip.oss-ap-southeast-5.aliyuncs.com/pioneer.txt

Targets

    • Target

      http://kodekthungg.com/go/6818d61d-1f2e-4bc0-a98b-c63669acc41f

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks