General

  • Target

    mainscript.exe

  • Size

    29.9MB

  • Sample

    241119-x66dxszrf1

  • MD5

    53b794affec84de9d7f8b7c291f7b4ac

  • SHA1

    ccadc574f0b122478ed7f4b7046665de03c89ee3

  • SHA256

    929156b845990ba62f8748908c61e07b89550dd542653df83f01525ce9e0c1e7

  • SHA512

    68e5d5aef07d8a7a7ec0af9cf34888e67d1df922c8cc69c8719ed32ab9e52aa84f899f782efc8cba18c38fea86c9fccc3a58f15ff16a5daab63a47807c5c3a50

  • SSDEEP

    786432:Rg9Yi8MkQ1JnW828P51QtIbSw1JIxHEha8DZcQl8LBDSDID:K9SA1Wr8PXiI2gNs6OLpT

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (anything matching an exclusion is no longer scanned).

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
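The two behaviours that leave the clearest trace on a host are the Defender exclusion change and the external IP lookup. The block below is an added example, not part of the sandbox report and not code from the sample: it runs simple detection logic over constructed PowerShell script-block text and DNS queries of the kind an EDR or sandbox records. The hostnames in the IP-lookup watchlist are an assumed list of well-known lookup services; the report does not say which service this sample contacted. It also handles the edge case that PowerShell binds parameters by unambiguous prefix, so `-ExclusionPa` is `-ExclusionPath` while `-ExclusionP` is ambiguous.

```python
"""Detection logic for Defender exclusion changes and external IP lookups.

Added example (not from the report). All events below are constructed.
"""
import re
from dataclasses import dataclass

# Only cmdlets that CHANGE preferences are interesting; Get-MpPreference is
# routine administration and is deliberately not matched.
MP_CMDLET = re.compile(r"\b(?:Add|Set|Remove)-MpPreference\b", re.IGNORECASE)
# Any parameter starting with -Exclusion, possibly abbreviated.
PARAM = re.compile(r"-(Exclusion\w*)", re.IGNORECASE)
# Set-MpPreference -Disable* switches (e.g. -DisableRealtimeMonitoring).
DISABLE_PARAM = re.compile(r"-(Disable\w+)", re.IGNORECASE)

EXCLUSION_KINDS = ("Path", "Extension", "Process", "IpAddress")

# Assumed watchlist of public IP-lookup services (illustrative, not what
# this sample used).
IP_LOOKUP_HOSTS = (
    "api.ipify.org", "ifconfig.me", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "ipinfo.io",
)

# Constructed sample events, as a sandbox or EDR might record them.
SAMPLE_EVENTS = [
    {"type": "powershell",
     "script": r"Add-MpPreference -ExclusionPath 'C:\ProgramData\svc' -ExclusionExtension '.exe'"},
    {"type": "powershell",
     "script": "Set-MpPreference -ExclusionPr 'mainscript.exe' -DisableRealtimeMonitoring $true"},
    {"type": "powershell", "script": "Get-MpPreference | Select-Object ExclusionPath"},
    {"type": "powershell", "script": r"Get-ChildItem -Path C:\ -Exclude *.tmp"},
    {"type": "dns", "query": "api.ipify.org"},
    {"type": "dns", "query": "login.microsoftonline.com"},
]


@dataclass
class Finding:
    event: int        # index into the event list
    behaviour: str    # defender_exclusion | defender_disable | external_ip_lookup
    detail: str


def resolve_param(token: str):
    """Expand a possibly abbreviated -Exclusion* parameter name.

    PowerShell accepts any unambiguous prefix of a parameter name, so the
    abbreviation is resolved the same way: exactly one candidate must match.
    Returns the kind ("Path", ...) or None when ambiguous.
    """
    t = token.lower()
    matches = [k for k in EXCLUSION_KINDS if ("exclusion" + k.lower()).startswith(t)]
    return matches[0] if len(matches) == 1 else None


def scan_powershell(idx: int, script: str):
    findings = []
    if not MP_CMDLET.search(script):
        return findings
    for m in PARAM.finditer(script):
        kind = resolve_param(m.group(1))
        findings.append(Finding(idx, "defender_exclusion",
                                kind or "unresolved:" + m.group(1)))
    for m in DISABLE_PARAM.finditer(script):
        findings.append(Finding(idx, "defender_disable", m.group(1)))
    return findings


def scan_dns(idx: int, query: str):
    host = query.lower().rstrip(".")
    for d in IP_LOOKUP_HOSTS:
        if host == d or host.endswith("." + d):
            return [Finding(idx, "external_ip_lookup", d)]
    return []


def scan_events(events):
    """Run every event through the matching scanner and collect findings."""
    out = []
    for i, ev in enumerate(events):
        if ev["type"] == "powershell":
            out += scan_powershell(i, ev["script"])
        elif ev["type"] == "dns":
            out += scan_dns(i, ev["query"])
    return out


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"event {f.event}: {f.behaviour} ({f.detail})")
```

Prefix resolution matters in practice: a rule that only matches the literal string `-ExclusionPath` misses `Add-MpPreference -ExclusionPa`, which Defender accepts. Script-block logging (Event ID 4104) has to be enabled for the PowerShell text to be available at all; without it, the remaining trace is the Defender operational log entry written when the exclusion list changes.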

MITRE ATT&CK Enterprise v15