b0d31cb84054482bb04e6b202952c2c58303c299af14098ee4068ba8ad5f8ca4 | Triage

Resubmissions

11-01-2025 15:57

250111-tedcaavqcj 3

11-01-2025 15:11

250111-skleeasjgx 10

Sharing

General

Target

Potato Graphics Optimzier By Trend Rise.rar
Size

9.6MB
Sample

250111-skleeasjgx
MD5

5905729d87a0fb6c0cc8c4cae4e40c13
SHA1

c5dd042d9b575b9a2f0c04b1c9a75bb466cb240d
SHA256

b0d31cb84054482bb04e6b202952c2c58303c299af14098ee4068ba8ad5f8ca4
SHA512

2618b20d55d7ade21aaff229b57e7dc04c054b249d17b719f3c5f57a6a9ed79bb1d443e916b308ac575f0ce51074662c31b4b7a2e5d54c3aa9e1012fa86c565d
SSDEEP

196608:JGjvZgMoIWnxwBAlgr9hz9R3RUdNt18W/tax96PrRBfqml:JGjhgMXigggr9B9lSNt1Fc9crv9l

Score

10^/10

execution pyinstaller

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?id=1HBo8IqFE59LES8u4NBmDUhQUrO91Om_E

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?id=1mnY2sQF61KSqEVGu4ncGwo1ppoGm0Thh

Targets

- Target
  
  Potato Graphics Optimzier By Trend Rise.exe
- Size
  
  10.0MB
- MD5
  
  37df7d45749e60a1b3dd28ef7158a132
- SHA1
  
  0f8ec2456b884d7a6fcf05ca303b4eed319a99eb
- SHA256
  
  352b2925ee7f30dbf0f1fb5a1b99dc01ad5b19d152e74f2a4eb8c5f5d7eeade1
- SHA512
  
  594eff99a1b09c0d4f37395ee8bb72abf2f18133d397be236668a6ff60822c5f82db6f1e641edb4772d37d841b0872b3de7a4897c4dde93954b3ad456d16b596
- SSDEEP
  
  196608:Wc8b8l0W8UA5kdaXMCHGLLc54i1wN+wrRRu7NtbFRKnZMQ4Jkz9RwprQqaW5DSGp:azW82cXMCHWUjorRQ7XbFsn6QLwzr5mp
Score

10^/10

execution
- Blocklisted process makes network request
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1