8e29f931f24567f7ccd5f4abee991cbedb741a999477a20b3b4d1ed57bb0ef88 | Triage

Sharing

General

Target

msg.txt
Size

10KB
Sample

241221-r37vpa1nes
MD5

5914e89bcedaaac02edcbb785434efdd
SHA1

26cee98c9b33feb10d4b56b292b9b6034529505d
SHA256

8e29f931f24567f7ccd5f4abee991cbedb741a999477a20b3b4d1ed57bb0ef88
SHA512

0e27804f24c308b3c8cf949857d29242602b041cd724cb0090de09ddf44f0c6d6c2e491418c643b1295aac6a619393fe3c9179cb94092b616532110f0504eef4
SSDEEP

192:OQQCEE5IutuAgqxWeFz1z2FQTixkEcnrYFQRiSZmEDtCyh/:JNxWkQFQ5r0FQYu/

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://raw.githubusercontent.com/Notsurewtf/9219313923123313-systemkey-finder/main/ChangeLog.txt

exe.dropper

https://raw.githubusercontent.com/Notsurewtf/shiny-tribble/refs/heads/main/funny

Targets

- Target
  
  msg.txt
- Size
  
  10KB
- MD5
  
  5914e89bcedaaac02edcbb785434efdd
- SHA1
  
  26cee98c9b33feb10d4b56b292b9b6034529505d
- SHA256
  
  8e29f931f24567f7ccd5f4abee991cbedb741a999477a20b3b4d1ed57bb0ef88
- SHA512
  
  0e27804f24c308b3c8cf949857d29242602b041cd724cb0090de09ddf44f0c6d6c2e491418c643b1295aac6a619393fe3c9179cb94092b616532110f0504eef4
- SSDEEP
  
  192:OQQCEE5IutuAgqxWeFz1z2FQTixkEcnrYFQRiSZmEDtCyh/:JNxWkQFQ5r0FQYu/
Score

8^/10

execution
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1