48b4268c01c091b177661fce94033b95db62ece0a795cefb50781782804a3998

General

Target

ps1002.ps1
Size

798KB
Sample

241122-kfzggaxnbt
MD5

c2de8908bd27de43e802ab31bd502e75
SHA1

469571354842d62112c033dffcb8fd15f214a82f
SHA256

48b4268c01c091b177661fce94033b95db62ece0a795cefb50781782804a3998
SHA512

cea91a3510dadc10a7946fba5c6bb39bdd08d9d1342d2ff8db951492284d60917881b7be1fdd2bb816a562fb04537334807191bce5847af35c20400056524b5a
SSDEEP

12288:8ppYXT60Mv5a8kebcetZ3Aq74GA19Td1JplTmu5jP+D/43EeI1gZEtd14Q2f9Wlu:fXWZ5Pbcq92zjP+sjI10+r4Q2QJoxZ

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://habarimoto24.com/nh

exe.dropper

http://fenett2018.com/dobgx

exe.dropper

http://eastend.jp/bl5kfa

exe.dropper

http://bemnyc.com/u8erijeq

exe.dropper

http://abakus-biuro.net//a9zqemm

exe.dropper

http://yourmother4cancer.info/Nereidae/ZdDZ/umping?HGn3Nw=1932-05-23

Targets

- Target
  
  ps1002.ps1
- Size
  
  798KB
- MD5
  
  c2de8908bd27de43e802ab31bd502e75
- SHA1
  
  469571354842d62112c033dffcb8fd15f214a82f
- SHA256
  
  48b4268c01c091b177661fce94033b95db62ece0a795cefb50781782804a3998
- SHA512
  
  cea91a3510dadc10a7946fba5c6bb39bdd08d9d1342d2ff8db951492284d60917881b7be1fdd2bb816a562fb04537334807191bce5847af35c20400056524b5a
- SSDEEP
  
  12288:8ppYXT60Mv5a8kebcetZ3Aq74GA19Td1JplTmu5jP+D/43EeI1gZEtd14Q2f9Wlu:fXWZ5Pbcq92zjP+sjI10+r4Q2QJoxZ
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2