General
- Target: ppp.ps1
- Size: 386KB
- Sample: 250324-nyj2aaspw5
- MD5: e45cabf205741f1cede66ad81f8b06fa
- SHA1: 060dcd47f3b48db25d68a633f7897338834d3612
- SHA256: c685134bdad34c105ab8f11437824d1a038370cc9d80cd3f5768d83900aba942
- SHA512: 88ab41b280853bc784c1177e05ae2d31369df408c879f9dca4b6ada5d6d18693f5d3299564426e2fa726d99dcfab86cb6599684d2291d6b5e88fa500a5804aa7
- SSDEEP: 6144:jiQBMJk9Te7tQtEu+jSmJtAO13nRZ79rOSA5C25ljGuVn0O2+ibO8A9e:ejJ8ktQtYGmJt2WUO1
Static task: static1
Behavioral task: behavioral1
- Sample: ppp.ps1
- Resource: win7-20240729-en
Malware Config
Targets
- Target: ppp.ps1
- Detect Umbral payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process is created with a parent other than the calling process (parent PID spoofing), so the process tree does not show the real creator.
- Umbral family
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Rewrites the context of another thread, a step commonly seen in process hollowing and thread hijacking.
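The following is an added example, not part of the sandbox report or of any tooling it references. It turns three of the behavioural signatures above into detection logic over Sysmon-style process, file, image-load and DNS events, and checks a file's digests against the hashes the report lists. The events below are constructed for illustration, the list of IP-lookup services is an assumption (the report does not name the service the sample contacted), and the function and field names are the author's choice.

```python
"""Replay the report's behavioural signatures over Sysmon-like events and
verify a candidate file against the report's hashes. Added example; the
events and domain list are constructed/assumed, not taken from the run."""
import hashlib
from pathlib import PureWindowsPath

# Hashes copied from the report above (General section).
REPORT_HASHES = {
    "md5": "e45cabf205741f1cede66ad81f8b06fa",
    "sha1": "060dcd47f3b48db25d68a633f7897338834d3612",
    "sha256": "c685134bdad34c105ab8f11437824d1a038370cc9d80cd3f5768d83900aba942",
    "sha512": "88ab41b280853bc784c1177e05ae2d31369df408c879f9dca4b6ada5d6d18693"
              "f5d3299564426e2fa726d99dcfab86cb6599684d2291d6b5e88fa500a5804aa7",
}

# Assumed set of public IP-lookup services; extend it for your environment.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com",
    "checkip.amazonaws.com", "ifconfig.me", "api.myip.com",
}

# Script hosts whose file writes count as "dropped" files.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def file_digests(data: bytes) -> dict:
    """Digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hashes_match_report(data: bytes) -> dict:
    """Per-algorithm True/False: does `data` match the report's hashes?"""
    digests = file_digests(data)
    return {algo: digests[algo] == expected for algo, expected in REPORT_HASHES.items()}


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def triage(events) -> list:
    """Return (signature, detail) tuples for events in chronological order.

    Expected Sysmon-like fields per EventID:
      11 FileCreate:    Image, TargetFilename
      1  ProcessCreate: Image, ParentImage
      7  ImageLoad:     Image, ImageLoaded
      22 DnsQuery:      Image, QueryName
    """
    dropped = {}   # lowercase path -> image that wrote it
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and _basename(ev["Image"]) in SCRIPT_HOSTS:
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif eid == 1:
            img = ev["Image"].lower()
            if img.endswith(".exe") and img in dropped:
                findings.append(("Executes dropped EXE",
                                 f"{ev['Image']} written by {dropped[img]}"))
        elif eid == 7:
            lib = ev["ImageLoaded"].lower()
            if lib.endswith(".dll") and lib in dropped:
                findings.append(("Loads dropped DLL",
                                 f"{ev['ImageLoaded']} loaded by {ev['Image']}"))
        elif eid == 22:
            q = ev["QueryName"].lower().rstrip(".")
            if q in IP_LOOKUP_DOMAINS or any(q.endswith("." + d) for d in IP_LOOKUP_DOMAINS):
                findings.append(("Looks up external IP address via web service",
                                 f"{ev['Image']} -> {q}"))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPED_EXE = r"C:\Users\admin\AppData\Local\Temp\svc.exe"
DROPPED_DLL = r"C:\Users\admin\AppData\Local\Temp\helper.dll"

# Constructed events mimicking a PowerShell dropper; not from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": PS, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": PS, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": PS},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 22, "Image": DROPPED_EXE, "QueryName": "api.ipify.org"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe", "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS):
        print(f"[{sig}] {detail}")
    print(hashes_match_report(b"not the real sample"))
```

The benign kernel32.dll load, the Windows Update DNS query and the notepad.exe launch are included so the rules demonstrably stay quiet on ordinary activity; only files that a script host wrote count as dropped. The hash check is the first thing to run on any file you believe is this sample, since every signature above describes this exact SHA256 and nothing else.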