General
Target: mainscript.exe
Size: 19.1MB
Sample: 241121-hdphdatpeq
MD5: 4b6e88ec46a4f09addfa9a43101b7eed
SHA1: 898f590cf16c849742f96ff9d16de023765d293c
SHA256: 5d4155f51cd7f7c309bc479bf39bb6eb7a9ab1deeb6f13345f4b022b41162d5a
SHA512: a74d962d61af7b77ac88a0937c2566d401d088b7d2c3890697a87e24821b1675caf648b57056af7228747838c3e60db968be7679f068205e8a9dd99ec44815da
SSDEEP: 393216:Mvi6JQ9I6IkxSVpW828GG1+TtIiFqY9Z8D8CcluhBRvMyCcym8G01DIjz:xJMk2W828j1QtI7a8DZc8yBjmuDIf
Behavioral task: behavioral1
Sample: mainscript.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: mainscript.exe
Score: 8/10
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Drops startup file
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter (1)
    PowerShell (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
    Scheduled Task (1)