7ac905ef2274c447613255322e10d105d7b3aa48fb0b88ecdca541c82de32620 | Triage

Sharing

General

Target

17.ps1
Size

1KB
Sample

241120-rcgwksybmk
MD5

bda6496ce51d89a06a9f7b7c305b3ecc
SHA1

a02b1b08c1e3072f4dd79dcb6ac2a47583e0f99f
SHA256

7ac905ef2274c447613255322e10d105d7b3aa48fb0b88ecdca541c82de32620
SHA512

95f42765dc3fecf8bbd519a7952dd3709b8154ab3ed6643ae5284294f1f30f03633c4b45396e4034d82a0dfcbe67a8ab5f4097b1907b013d5bfc6152a7a2656a

Score

10^/10

execution

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
ftp.frankkingspeaking.com
Port:
21
Username:
[email protected]
Password:
FrankWearsSuitsToDinner

Targets

- Target
  
  17.ps1
- Size
  
  1KB
- MD5
  
  bda6496ce51d89a06a9f7b7c305b3ecc
- SHA1
  
  a02b1b08c1e3072f4dd79dcb6ac2a47583e0f99f
- SHA256
  
  7ac905ef2274c447613255322e10d105d7b3aa48fb0b88ecdca541c82de32620
- SHA512
  
  95f42765dc3fecf8bbd519a7952dd3709b8154ab3ed6643ae5284294f1f30f03633c4b45396e4034d82a0dfcbe67a8ab5f4097b1907b013d5bfc6152a7a2656a
Score

10^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2