Resubmissions

21-11-2024 22:02

241121-1xyjhayjfv 10

General

  • Target

    CyberDEV Client.zip

  • Size

    55.9MB

  • Sample

    241121-1xyjhayjfv

  • MD5

    ad556d641cf1b45dfa32d2cf7131c711

  • SHA1

    d12ed4f1bba17f399d8221ff6964b049bfdf0955

  • SHA256

    7b476bbfc4d37fa50c1c5bec98b2e8aede8087b8873eb7de27b78ad4446dddbe

  • SHA512

    00def17b19fff0f5618da1ab01a97aa07e517c612b5a562b1acf5f5eaa3d2c7d83af5b468292e32c3db3f64452a7d75912446785c5fd63e46dc35645a8c33fef

  • SSDEEP

    1572864:ify3jDn6crTEyjuHvRl8KQNKlCziTYcGHDX/nGYl/LxL6Ya:NHrTEpHvRl8VKlxzGS2N6Ya

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs (exe.dropper):

https://www.python.org/ftp/python/3.11.0/python-3.11.0-amd64.exe

Targets

    • Target

      CyberDEV Client.zip


    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke Web Request.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL
