General

  • Target

    516a68bcd0ba36727964cf175ab4bc3f2dad9a8cf6c923eb29d41ea5b8c621a4

  • Size

    15KB

  • Sample

    241126-tktapavlel

  • MD5

    2f5518eab74b27def099fa3fadb06b5d

  • SHA1

    3676f4c0457e6bbf3f343a7222937995ba4c3518

  • SHA256

    516a68bcd0ba36727964cf175ab4bc3f2dad9a8cf6c923eb29d41ea5b8c621a4

  • SHA512

    07bbad84bc499dcb36210260ea3536b064cec1a08d92d90eae06f98f399d7710b248f48085a4017fd44f2ba7b4cee5f973e327719ba69d1af06afbc16d3b53b4

  • SSDEEP

    384:dXPEeBSzKuCjIOIxvTNRX/GC+p/RU3Af7CRRWiwJM:VPEeByCje3RX/spZU3ADCfWip

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated
    URL type: ps1.dropper

    https://pt.textbin.net/download/x7sf6t2dgv

  • Extracted

    Language: ps1
    Deobfuscated
    URL type: exe.dropper

    https://drive.google.com/uc?export=download&id=15ocCLsR2ZmidPwSBKFMdpMbEhO5YtYQ4

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

  • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks