20b3dc9a088153eb974afee08192cd0b78c96b847e5705cea818c50043c3bddf

Resubmissions

21-01-2025 14:05

250121-rd357sxper 8

20-01-2025 21:06

250120-zx14ysyqdn 10

Sharing

Copy URL

Twitter E-mail

General

Target

file01.ps1
Size

35B
Sample

250121-rd357sxper
MD5

684c57981b5ed26047c34aee9a2453a1
SHA1

2e154e9c0e6abc9a2bc852aeb941fe5d3117fa3e
SHA256

20b3dc9a088153eb974afee08192cd0b78c96b847e5705cea818c50043c3bddf
SHA512

cca14c6add1e0dfed54e0fe425489bf430bcc438acf386fe4d68cf040fbe55e9997b0d85bcd8cca56e66721292497894b599c919f3af248b4a2ef8a1d112c51b

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  file01.ps1
- Size
  
  35B
- MD5
  
  684c57981b5ed26047c34aee9a2453a1
- SHA1
  
  2e154e9c0e6abc9a2bc852aeb941fe5d3117fa3e
- SHA256
  
  20b3dc9a088153eb974afee08192cd0b78c96b847e5705cea818c50043c3bddf
- SHA512
  
  cca14c6add1e0dfed54e0fe425489bf430bcc438acf386fe4d68cf040fbe55e9997b0d85bcd8cca56e66721292497894b599c919f3af248b4a2ef8a1d112c51b
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2