Overview

overview

8

Static

static

1

ubuntu2404...uk.ps1

windows11-21h2-x64

8

Resubmissions

06/03/2025, 19:57 UTC

250306-ypg6fawvfw 3

06/03/2025, 19:51 UTC

250306-yk52pswvaw 3

06/03/2025, 00:33 UTC

250306-awjqvatsgy 3

06/03/2025, 00:28 UTC

250306-asg3vatpy3 4

06/03/2025, 00:20 UTC

250306-amt58atnw5 4

13/02/2025, 18:46 UTC

250213-xerfpa1qhl 8

13/02/2025, 17:15 UTC

250213-vs3d1azqgq 8

03/02/2025, 06:19 UTC

250203-g3pc8svlfl 3

20/12/2024, 21:06 UTC

241220-zxvl6stpcv 3

15/12/2024, 03:29 UTC

241215-d2ekvssngx 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ubuntu2404-amd64-20240523-uk.ps1

  • Size

    1B

  • Sample

    250213-xerfpa1qhl

  • MD5

    f1290186a5d0b1ceab27f4e77c0c5d68

  • SHA1

    aff024fe4ab0fece4091de044c58c9ae4233383a

  • SHA256

    50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

  • SHA512

    aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score
8/10
adwarediscoveryexecutionpersistenceprivilege_escalationstealer

Malware Config

Targets

    • Target

      ubuntu2404-amd64-20240523-uk.ps1

    • Size

      1B

    • MD5

      f1290186a5d0b1ceab27f4e77c0c5d68

    • SHA1

      aff024fe4ab0fece4091de044c58c9ae4233383a

    • SHA256

      50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

    • SHA512

      aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

    Score
    8/10
    adwarediscoveryexecutionpersistenceprivilege_escalationstealer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Browser Extensions

1
T1176

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.