General
Target: mainscript.exe
Size: 30.5MB
Sample: 241120-f5w1eswrbm
MD5: 4c790adfa99d80849e83a2eac5d0130f
SHA1: a2f47f2f0c209786fa650f9cb58ffe507e79ee76
SHA256: 02168cab6290cbf79075cb8d13a71637cad3aab2026e4b3a63dd4656d8c1da94
SHA512: e2c17c741e88d2a85c00f6c454473df485a2577726b6643a62b788996175469244ac7864210dbbc98f886a1cf97917a0dbc413568b8468f0a7d28b4e30373a1c
SSDEEP: 786432:ef9Yi8MkQ1JnW828P51QtIbSw1JIxHEha8DZcQl8lBDQDIhZY:a9SA1Wr8PXiI2gNs6Olpt
Behavioral task: behavioral1
Sample: mainscript.exe
Resource: win11-20241007-en
Malware Config
Targets: mainscript.exe (same file and hashes as listed under General above)
Score: 8/10
Signatures
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15 (tactic > technique (count) > sub-technique (count))
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)