79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193 | Triage

Resubmissions

20/02/2025, 21:06

250220-zx4j3svldz 8

20/11/2024, 14:42

241120-r24rmsyerj 8

20/11/2024, 14:32

241120-rwcqzaxfmb 8

Sharing

General

Target

sample
Size

3KB
Sample

241120-rwcqzaxfmb
MD5

196dd5f874d26ca4e672885e9ff7b401
SHA1

3d0a8ce5617fbfec99cfa564222aea749e630963
SHA256

79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193
SHA512

ba1e99bb62ac2079991b2fcd71387219d52715c301291717efa25306274e997ad1056aad1c77e4fb5fb1238a30e598583b60039bdd6ca03aa1deb978a502d63f

Score

8^/10

defense_evasion discovery execution

Malware Config

Targets

- Target
  
  sample
- Size
  
  3KB
- MD5
  
  196dd5f874d26ca4e672885e9ff7b401
- SHA1
  
  3d0a8ce5617fbfec99cfa564222aea749e630963
- SHA256
  
  79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193
- SHA512
  
  ba1e99bb62ac2079991b2fcd71387219d52715c301291717efa25306274e997ad1056aad1c77e4fb5fb1238a30e598583b60039bdd6ca03aa1deb978a502d63f
Score

8^/10

execution defense_evasion discovery
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryexecution