General
Target: mainscript.exe
Size: 19.1 MB
Sample: 241121-hjwhwazfrk
MD5: 9b1fadec8b232a3d2f482c92149475c6
SHA1: b1df21b32be57c5611ad3224ca3099da24893690
SHA256: 8ddd3c52fced42fdeed80330554a4918e94f903d9cd2007fd2e0d7fda54d905f
SHA512: 64cf39972bc4815fbdc2ef228060f1e8d181f2be17ee455273e40a1af2f223251cfabd70ca3c6a4accf7ce17e6d603539eec595648abf46c3bbed2aab6b2610a
SSDEEP: 393216:qvi6JQ9I6IkxSVpW828GG1+TtIiFqY9Z8D8CcluhBevMyCcMm8G01DIbz:3JMk2W828j1QtI7a8DZc8lB9muDIX
Behavioral task: behavioral1
Sample: mainscript.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: mainscript.exe
Size: 19.1 MB
MD5: 9b1fadec8b232a3d2f482c92149475c6
SHA1: b1df21b32be57c5611ad3224ca3099da24893690
SHA256: 8ddd3c52fced42fdeed80330554a4918e94f903d9cd2007fd2e0d7fda54d905f
SHA512: 64cf39972bc4815fbdc2ef228060f1e8d181f2be17ee455273e40a1af2f223251cfabd70ca3c6a4accf7ce17e6d603539eec595648abf46c3bbed2aab6b2610a
SSDEEP: 393216:qvi6JQ9I6IkxSVpW828GG1+TtIiFqY9Z8D8CcluhBevMyCcMm8G01DIbz:3JMk2W828j1QtI7a8DZc8lB9muDIX
Score: 8/10
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
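The signatures above (a PowerShell Defender-exclusion change, a Run key, a file dropped into the Startup folder) are the behaviours a detection engineer would want to catch on a real host, not just in the sandbox. The Python below is an added example and is not part of this report or of the sample: it runs three checks over constructed event text modelled on PowerShell script-block logging (event 4104) and Sysmon registry-value-set (event 13) and file-create (event 11) records. The sample events, the `ps_4104`/`sysmon_13`/`sysmon_11` source labels and the ATT&CK technique labels are my assumptions; the exact command line the sample ran is not shown on this page, so the exclusion rule is written to match any `Add-MpPreference`/`Set-MpPreference` call that touches an exclusion parameter, including the abbreviated parameter names PowerShell accepts.

```python
import re
from dataclasses import dataclass

# Technique labels for findings. The ATT&CK mapping is mine; the report
# names PowerShell and Registry Run Keys / Startup Folder by name only.
T_DEFENDER_EXCLUSION = "T1562.001 Defender exclusion added via PowerShell"
T_RUN_KEY = "T1547.001 Run key persistence"
T_STARTUP_FILE = "T1547.001 Startup folder file"

# PowerShell accepts any unambiguous prefix of a parameter name, so
# -ExclusionPa, -ExclusionE and -ExclusionPr are the shortest forms that
# still resolve to ExclusionPath, ExclusionExtension and ExclusionProcess.
DEFENDER_EXCLUSION = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Pa\w*|E\w*|Pr\w*)",
    re.IGNORECASE | re.DOTALL,
)
# Per-user (HKU/HKCU) and machine (HKLM) Run and RunOnce keys share this tail.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# Per-user Startup folder under the roaming Start Menu.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    technique: str
    source: str
    text: str


def detect(source: str, text: str) -> list[Finding]:
    """Return the findings for one event. `source` is a constructed label for
    the log type: "ps_4104" (script block text), "sysmon_13" (registry value
    set, as "key\\value = data") or "sysmon_11" (file create, as a path)."""
    findings = []
    if source == "ps_4104" and DEFENDER_EXCLUSION.search(text):
        findings.append(Finding(T_DEFENDER_EXCLUSION, source, text))
    if source == "sysmon_13" and RUN_KEY.search(text):
        findings.append(Finding(T_RUN_KEY, source, text))
    if source == "sysmon_11" and STARTUP_DIR.search(text):
        findings.append(Finding(T_STARTUP_FILE, source, text))
    return findings


def triage(events) -> list[Finding]:
    """Run detect() over (source, text) pairs and flatten the results."""
    return [f for source, text in events for f in detect(source, text)]


def summarize(events) -> dict[str, int]:
    """Count findings per technique, in the order each technique is first seen."""
    counts: dict[str, int] = {}
    for f in triage(events):
        counts[f.technique] = counts.get(f.technique, 0) + 1
    return counts


# Constructed sample events, not records from the sandbox run.
SAMPLE_EVENTS = [
    ("ps_4104", "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension exe"),
    ("ps_4104", "add-mppreference -exclusionpr mainscript.exe"),  # abbreviated parameter name
    ("ps_4104", "Get-MpPreference | Select-Object ExclusionPath"),  # read-only, must not fire
    ("sysmon_13", r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\Public\mainscript.exe"),
    ("sysmon_13", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName = App"),
    ("sysmon_11", r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mainscript.lnk"),
    ("sysmon_11", r"C:\Users\victim\Downloads\report.pdf"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.source}: {f.text}")
    print(summarize(SAMPLE_EVENTS))
```

Two caveats a practitioner should keep in mind: the exclusion rule only sees what script-block logging records, so a sample that writes the exclusion directly under `HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions` or hides the cmdlet name behind string concatenation will not match it; and a Run key or Startup-folder write is a strong but not sufficient signal on its own, since legitimate installers do the same, so in production this output should be joined with the process that made the write (here that would be the sandboxed `mainscript.exe`).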
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)