071bdff08a6119b3a845f1dd9b10f7b7ead26e56b845137d4e5a96538bb917d4 | Triage

Sharing

General

Target

trigger.ps1
Size

116B
Sample

241120-27wckaweln
MD5

136bd5042c063ee3047b2cf91ce3a13e
SHA1

8ee372eff6166cea45b32f40008dca9a61a75b5a
SHA256

071bdff08a6119b3a845f1dd9b10f7b7ead26e56b845137d4e5a96538bb917d4
SHA512

4fca5f9b18251a2ee461fa2406f4387749ac183262f20001c270d544a2bf5272dabd0b2beb886384e9e9525f63d37cb938741151128a5baa3077d1a8c7fe722d

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://benetinc.com/next/zukaz.txt

Targets

- Target
  
  trigger.ps1
- Size
  
  116B
- MD5
  
  136bd5042c063ee3047b2cf91ce3a13e
- SHA1
  
  8ee372eff6166cea45b32f40008dca9a61a75b5a
- SHA256
  
  071bdff08a6119b3a845f1dd9b10f7b7ead26e56b845137d4e5a96538bb917d4
- SHA512
  
  4fca5f9b18251a2ee461fa2406f4387749ac183262f20001c270d544a2bf5272dabd0b2beb886384e9e9525f63d37cb938741151128a5baa3077d1a8c7fe722d
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution