General

  • Target

    16ed82c39631c064df6e4790a55f9c766ba6747307c864eed489204dac021497

  • Size

    7KB

  • Sample

    241126-tf2q9svjhn

  • MD5

    51b6a6b674b708af7d355f5b855f1f28

  • SHA1

    427f1a1ffb6235dbc91a8bb2ab7e0e89f1d669b5

  • SHA256

    16ed82c39631c064df6e4790a55f9c766ba6747307c864eed489204dac021497

  • SHA512

    dd5d7fc3940d8e1a783373b10a8595a364becfe7650a6f3f32e6b871dca1ee5623db6cb8d4b9b871c0a6ec1b47176860574af6333ccf1fdcf769041feea871af

  • SSDEEP

    192:xrXP/3GViyiM8+5byn/nKM5TYgcnHyvakYSq3YD:dXPuE+ann5TRs/Z3K

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://drive.google.com/uc?export=download&id=15ocCLsR2ZmidPwSBKFMdpMbEhO5YtYQ4

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://pt.textbin.net/download/itm1dkgz7c

Targets

    • Target

      16ed82c39631c064df6e4790a55f9c766ba6747307c864eed489204dac021497

    • Size

      7KB

    • MD5

      51b6a6b674b708af7d355f5b855f1f28

    • SHA1

      427f1a1ffb6235dbc91a8bb2ab7e0e89f1d669b5

    • SHA256

      16ed82c39631c064df6e4790a55f9c766ba6747307c864eed489204dac021497

    • SHA512

      dd5d7fc3940d8e1a783373b10a8595a364becfe7650a6f3f32e6b871dca1ee5623db6cb8d4b9b871c0a6ec1b47176860574af6333ccf1fdcf769041feea871af

    • SSDEEP

      192:xrXP/3GViyiM8+5byn/nKM5TYgcnHyvakYSq3YD:dXPuE+ann5TRs/Z3K

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks