General

  • Target

    3863c533a821c836f236edf3d35a278ccf7d00ec1b5087cb662e8aa7ddb7e54f

  • Size

    7KB

  • Sample

    241126-tjytsavlbn

  • MD5

    9fb59ca8e5dbe7036ad7bd3e0d64dc46

  • SHA1

    e63989b5046883141c1b5c80ed9dfe12f5146531

  • SHA256

    3863c533a821c836f236edf3d35a278ccf7d00ec1b5087cb662e8aa7ddb7e54f

  • SHA512

    8ec8ac5cad6a52bc6f11d56f1f276cb187edcdcf90c65cac28b8610549f54b193e957448b5633d0babb06b654c8e35508fb98ed9aaaf37f2ccb06d3600ae4d27

  • SSDEEP

    192:xrXP/xbajZ8EPm/QUN0iIZU0pU3pWBg6HoqBT02:dXP4ruWnK3pWWsLBT7

Score
10/10

Malware Config

  • Extracted

    Language
    ps1
    Deobfuscated
    URLs
    exe.dropper
    https://drive.google.com/uc?export=download&id=15ocCLsR2ZmidPwSBKFMdpMbEhO5YtYQ4

  • Extracted

    Language
    ps1
    Deobfuscated
    URLs
    ps1.dropper
    https://pt.textbin.net/download/x7sf6t2dgv

Targets

    • Target

      3863c533a821c836f236edf3d35a278ccf7d00ec1b5087cb662e8aa7ddb7e54f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
