General

  • Target

    https://drive.google.com/file/d/1G3_2_HJsgv-3XaB1c-1LiB7FCw7Y_e2G/view?usp=sharing

  • Sample

    250130-hatmxszlgr

Score
10/10

Malware Config

Extracted

  • Language: ps1

  • Source URLs:

    • ps1.dropper: https://pastebin.com/raw/bYrRPs5M

    • exe.dropper: https://files.catbox.moe/sakuuo.msu

    • exe.dropper: https://files.catbox.moe/6sdjc5.msu

    • exe.dropper: https://pastebin.com/raw/bYrRPs5M

Targets

    • Target

      https://drive.google.com/file/d/1G3_2_HJsgv-3XaB1c-1LiB7FCw7Y_e2G/view?usp=sharing

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks