Overview

overview

10

Static

static

1

FILE POWER...LO.ps1

windows7-x64

10

FILE POWER...LO.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FILEPOWERSHELLMALEVOLO.7z

  • Size

    27KB

  • Sample

    241125-q4x67szkaw

  • MD5

    66f2ca8b33e9bf5077193c56c47e2d59

  • SHA1

    c411c1c58ece04637c2d5e22886b086ef3858b54

  • SHA256

    0af312c6ae5a1d708966fb550dcae81f59db5a54421803b40bd8b2752fb7ee89

  • SHA512

    7a26440828624c9147bab72ca583cc4c1bd1c42f0e33ccebfbd329d05a65fe49f53ae46d397d14af477fa6e101ff580bbadd96dfc75836955b1b5108c633dade

  • SSDEEP

    768:TQk3C6lUrYWwqvAp3ivU8PAAkAbGgmCY/W988qwyZCPHAJ:DClrYnpyvU8IQbGyAWq/EK

Score
10/10
sloaddropperexecutionstealertrojan

Malware Config

Targets

    • Target

      FILE POWERSHELL MALEVOLO.txt

    • Size

      104KB

    • MD5

      ef3e1a843da4fb31012afe474447c98b

    • SHA1

      0ca2a653b3cc7d8630e2938c18ce5dda91e0b9b7

    • SHA256

      488d775b3e2118b63dfc26020e5e7a3aa95951f78099ce8e203d50b3e1e0c66d

    • SHA512

      149744665463591cea2798f4efd90b7d5b24c763270e8530c40b7520892b67b0f92b0268456eaa5c545a1984cddca45dddb4e0461c72eee0b3f8db9592f1ec55

    • SSDEEP

      3072:ZtW7qBQqhDmaA8Hch3g+XdZQaPU91ajO3vQSo:gqBQqhDmaA8HW3g+XdZQaPU91ajO3vQH

    Score
    10/10
    sloaddropperexecutionstealertrojan

    • Sload family

      sload

    • sLoad

      sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.

      trojanstealersload

    • Download via BitsAdmin

      dropper

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks