1f072cb290bdfe1d7d5bd2054306b162cb771abddc31bfbf3cc8de58c28bc12f | Triage

Sharing

General

Target

KeyLoogerinst.ps1
Size

1KB
Sample

250129-yd1teaxmhx
MD5

a048b907eb0c24e2c002414c02290674
SHA1

8992bc63f90784529e5e1c5f332a4dd9763e4333
SHA256

1f072cb290bdfe1d7d5bd2054306b162cb771abddc31bfbf3cc8de58c28bc12f
SHA512

be812afc37000297d48e58a6c5d023d6f3a0d43c07188a029445ac0c804938e03d7454c9f484e940e12ef3fcbb59c9c2c48645d2017699e09b682e2312cfe57d

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.python.org/ftp/python/3.13.1/python-3.13.1-amd64.exe

exe.dropper

https://drive.google.com/drive/folders/1k7H7l3JvKDAEmR-63RC2fb7mo5Ub4Hx8?usp=drive_link

Targets

- Target
  
  KeyLoogerinst.ps1
- Size
  
  1KB
- MD5
  
  a048b907eb0c24e2c002414c02290674
- SHA1
  
  8992bc63f90784529e5e1c5f332a4dd9763e4333
- SHA256
  
  1f072cb290bdfe1d7d5bd2054306b162cb771abddc31bfbf3cc8de58c28bc12f
- SHA512
  
  be812afc37000297d48e58a6c5d023d6f3a0d43c07188a029445ac0c804938e03d7454c9f484e940e12ef3fcbb59c9c2c48645d2017699e09b682e2312cfe57d
Score

8^/10

execution discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution