897f7ff8eb2f049f340deb3891622bbe656d6d59ec03dc6aebd92bb0c20cf312

General

Target

ps1005.ps1
Size

754KB
Sample

241122-j6958atkbr
MD5

a2c4cc351ca68d5557993baefa5f004c
SHA1

4f340f6e249581d5819e9e91da3d15e920920f4d
SHA256

897f7ff8eb2f049f340deb3891622bbe656d6d59ec03dc6aebd92bb0c20cf312
SHA512

1e2195e002ebed21cf0260961ac8707bd46c062e112cc6a853305416a80fd12ef1b1fec6a3f6fde15289350fabb7cd8e74e633091a075f5f168b0c9b3e51a2d5
SSDEEP

12288:8ppYXT60Mv5a8kebcetZ3Aq74GA19Td1JplTmu5jP+D/43EeI1gZEtd14Q2fewYp:fXWZ5Pbcq92zjP+sjI10+r4Q2sp

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://habarimoto24.com/nh

exe.dropper

http://fenett2018.com/dobgx

exe.dropper

http://eastend.jp/bl5kfa

exe.dropper

http://bemnyc.com/u8erijeq

exe.dropper

http://abakus-biuro.net//a9zqemm

exe.dropper

http://yourmother4cancer.info/Nereidae/ZdDZ/umping?HGn3Nw=1932-05-23

Targets

- Target
  
  ps1005.ps1
- Size
  
  754KB
- MD5
  
  a2c4cc351ca68d5557993baefa5f004c
- SHA1
  
  4f340f6e249581d5819e9e91da3d15e920920f4d
- SHA256
  
  897f7ff8eb2f049f340deb3891622bbe656d6d59ec03dc6aebd92bb0c20cf312
- SHA512
  
  1e2195e002ebed21cf0260961ac8707bd46c062e112cc6a853305416a80fd12ef1b1fec6a3f6fde15289350fabb7cd8e74e633091a075f5f168b0c9b3e51a2d5
- SSDEEP
  
  12288:8ppYXT60Mv5a8kebcetZ3Aq74GA19Td1JplTmu5jP+D/43EeI1gZEtd14Q2fewYp:fXWZ5Pbcq92zjP+sjI10+r4Q2sp
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2