General

  • Target

    ca57e4060a2afea98eaca795548668cef05e15c0f3a731c1ddc1aac7562abbd1

  • Size

    7KB

  • Sample

    241126-tkcb6svlcq

  • MD5

    d9261e8c36689bfd3facc18f17910dc1

  • SHA1

    ca0b6f093448082a736cc3ea3badf5adeea3ab4e

  • SHA256

    ca57e4060a2afea98eaca795548668cef05e15c0f3a731c1ddc1aac7562abbd1

  • SHA512

    292a0da0b19e6f8950957804ea6cf6a98da954fbc78995481143ac8570793d77a204f732e5b514a503022ac1a1fdc51ad5190478db3f4244271ba2860165a36a

  • SSDEEP

    192:xrXP/aKv8DGxzU0AGgMBnUI0JTuayR1NWO:dXPJxltL9UI0JyayRh

Score
10/10

Malware Config

  • Extracted

    Language
    ps1

    Deobfuscated

    URLs
    exe.dropper
    https://drive.google.com/uc?export=download&id=15ocCLsR2ZmidPwSBKFMdpMbEhO5YtYQ4

  • Extracted

    Language
    ps1

    Deobfuscated

    URLs
    ps1.dropper
    https://pt.textbin.net/download/x7sf6t2dgv

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks