d7ccf8e2a7d4aece2edeebe63040f88d4286c970ef6bc4234a621df8cdd07107 | Triage

Sharing

General

Target

ps1009.ps1
Size

520B
Sample

241122-j6958axlct
MD5

c100e6153b0f8d39677fe8118c01b474
SHA1

39181decefe22616cfa2d4444810fdbf26ba9a6c
SHA256

d7ccf8e2a7d4aece2edeebe63040f88d4286c970ef6bc4234a621df8cdd07107
SHA512

6f5c2e66ad7a56bfd6993ed738a24d4205746bf45ea0368c4894b2b82f0098aeec8ec00531ff7c947cd6b7677ef8e70e5008f78af9d6183a0e8fd121e6e1bb72

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://108.61.211.36/index.asp

Targets

- Target
  
  ps1009.ps1
- Size
  
  520B
- MD5
  
  c100e6153b0f8d39677fe8118c01b474
- SHA1
  
  39181decefe22616cfa2d4444810fdbf26ba9a6c
- SHA256
  
  d7ccf8e2a7d4aece2edeebe63040f88d4286c970ef6bc4234a621df8cdd07107
- SHA512
  
  6f5c2e66ad7a56bfd6993ed738a24d4205746bf45ea0368c4894b2b82f0098aeec8ec00531ff7c947cd6b7677ef8e70e5008f78af9d6183a0e8fd121e6e1bb72
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2