79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193 | Triage

Resubmissions

20/02/2025, 21:06

250220-zx4j3svldz 8

20/11/2024, 14:42

241120-r24rmsyerj 8

20/11/2024, 14:32

241120-rwcqzaxfmb 8

Sharing

General

Target

sample
Size

3KB
Sample

250220-zx4j3svldz
MD5

196dd5f874d26ca4e672885e9ff7b401
SHA1

3d0a8ce5617fbfec99cfa564222aea749e630963
SHA256

79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193
SHA512

ba1e99bb62ac2079991b2fcd71387219d52715c301291717efa25306274e997ad1056aad1c77e4fb5fb1238a30e598583b60039bdd6ca03aa1deb978a502d63f

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  sample
- Size
  
  3KB
- MD5
  
  196dd5f874d26ca4e672885e9ff7b401
- SHA1
  
  3d0a8ce5617fbfec99cfa564222aea749e630963
- SHA256
  
  79695fd50b93c7ace9881e21071136ff38e2ff4aa7422220507b8917a7117193
- SHA512
  
  ba1e99bb62ac2079991b2fcd71387219d52715c301291717efa25306274e997ad1056aad1c77e4fb5fb1238a30e598583b60039bdd6ca03aa1deb978a502d63f
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution