General
Target: philerbum.ps1
Size: 242B
Sample: 250402-hlq16swjt4
MD5: 59d0f73a31a7ad0474f993d5523fb20a
SHA1: b345d42f0b8319c754c95a9f37425d9774ddfb35
SHA256: e315aa0e80c75958edb5ff7ed8fb9d82688a49a927f037e4356cdb9244cfcff1
SHA512: 267166da5954e6da88a80e87a4f81f092b1561d27cf545f1ae6296501df2c5751a9ef07b5eedae9d167d0671ad0d8531dcec2a2c5c227ea907cf42c54cdf742e
Static task: static1
Behavioral task: behavioral1
Sample: philerbum.ps1
Resource: win11-20250313-en
Malware Config
Targets
Target: philerbum.ps1
Size: 242B
MD5: 59d0f73a31a7ad0474f993d5523fb20a
SHA1: b345d42f0b8319c754c95a9f37425d9774ddfb35
SHA256: e315aa0e80c75958edb5ff7ed8fb9d82688a49a927f037e4356cdb9244cfcff1
SHA512: 267166da5954e6da88a80e87a4f81f092b1561d27cf545f1ae6296501df2c5751a9ef07b5eedae9d167d0671ad0d8531dcec2a2c5c227ea907cf42c54cdf742e
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can tamper with the code-signing verification path, for example by redirecting the Subject Interface Package (SIP) and trust-provider registry entries under HKLM\SOFTWARE\Microsoft\Cryptography to a DLL export they control, so that Windows reports their unsigned or tampered binary as validly signed.
-
Possible privilege escalation attempt
-
Boot or Logon Autostart Execution: Print Processors
Adversaries may register a malicious DLL as a print processor (under HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\...\Print Processors); the Print Spooler service loads every registered print processor when it starts at boot, running as SYSTEM, which gives both persistence and privilege escalation.
-
Indicator Removal: Clear Windows Event Logs
Clearing the Windows event logs (for example with wevtutil cl or Clear-EventLog) hides earlier activity of an intrusion. The clear itself is still recorded, as Security event 1102 and System event 104, so those events are the indicator to alert on.
-
Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
-
Modifies file permissions
-
Power Settings
powercfg controls the configurable power settings of a Windows system (sleep and display timeouts, hibernation, power-button and lid actions) and can be abused to keep an infected host awake and unattended instead of letting it lock, sleep or power off.
-
Drops file in System32 directory
-
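The signature descriptions above name the techniques in general terms. As an added example, not part of this report and not the sandbox's own detection logic, the Python below maps Sysmon-style process, file and registry events (plus Security/System log-clear events) to the signature names listed here, so a SOC can reproduce the same verdicts from endpoint telemetry. All event records, file names and registry data are constructed to exercise each rule and are not observations from this sample's run; the registry paths for print processors and SIP/trust-provider entries are the documented Windows defaults, and the launcher and powercfg patterns are assumptions about what the signatures look for.

```python
import re

# Signature names exactly as listed in the report
SIG_SIGNATURES = "Manipulates Digital Signatures"
SIG_PRINTPROC = "Boot or Logon Autostart Execution: Print Processors"
SIG_CLEARLOG = "Indicator Removal: Clear Windows Event Logs"
SIG_INDIRECT = "Indirect Command Execution"
SIG_PERMS = "Modifies file permissions"
SIG_POWER = "Power Settings"
SIG_DRIVERS = "Drops file in Drivers directory"
SIG_SYSTEM32 = "Drops file in System32 directory"

# Registry locations behind two signatures: SIP / trust-provider hijack (T1553.003)
# and print processors (T1547.012). Documented Windows defaults, matched lowercase;
# none of this comes from the sample itself.
SIP_KEY_FRAGMENTS = (
    "\\cryptography\\oid\\encodingtype 0\\cryptsipdllverifyindirectdata\\",
    "\\cryptography\\oid\\encodingtype 0\\cryptsipdllgetsigneddatamsg\\",
    "\\cryptography\\providers\\trust\\finalpolicy\\",
)
SIP_VALUE_NAMES = {"dll", "funcname", "$dll", "$function"}
PRINTPROC_FRAGMENT = "\\control\\print\\environments\\"
DEFAULT_PRINTPROC_DLL = "winprint.dll"  # the built-in processor; anything else is suspect

# Utilities that launch a payload without the parent calling cmd/powershell (T1202)
INDIRECT_LAUNCHERS = {
    "forfiles.exe": re.compile(r"(^|\s)/c\s", re.I),
    "pcalua.exe": re.compile(r"(^|\s)-a\s", re.I),
}
POWERCFG_ABUSE = re.compile(
    r"[/-](x|change|setacvalueindex|setdcvalueindex|h(ibernate)?\s+off)\b", re.I)
WEVTUTIL_CLEAR = re.compile(r"\s(cl|clear-log)\s", re.I)
PS_CLEAR = re.compile(r"clear-eventlog|\.clear\(\)", re.I)


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the report signatures that a single event matches."""
    hits = []
    eid = event.get("EventID")
    if eid == 1102 or (eid == 104 and event.get("Channel") == "System"):
        hits.append(SIG_CLEARLOG)  # the clear itself is logged: Security 1102 / System 104
    elif eid == 1:  # Sysmon process creation
        image = _basename(event.get("Image", ""))
        cmd = event.get("CommandLine", "")
        if image == "wevtutil.exe" and WEVTUTIL_CLEAR.search(cmd):
            hits.append(SIG_CLEARLOG)
        if image in ("powershell.exe", "pwsh.exe") and PS_CLEAR.search(cmd):
            hits.append(SIG_CLEARLOG)
        if image == "powercfg.exe" and POWERCFG_ABUSE.search(cmd):
            hits.append(SIG_POWER)
        if image in INDIRECT_LAUNCHERS and INDIRECT_LAUNCHERS[image].search(cmd):
            hits.append(SIG_INDIRECT)
        if image in ("icacls.exe", "cacls.exe", "takeown.exe"):
            hits.append(SIG_PERMS)
    elif eid == 11:  # Sysmon file create
        target = event.get("TargetFilename", "").lower()
        if "\\system32\\drivers\\" in target:
            hits.append(SIG_DRIVERS)
        if "\\system32\\" in target:  # Drivers sits inside System32, so a driver drop fires both
            hits.append(SIG_SYSTEM32)
    elif eid == 13:  # Sysmon registry value set
        key, _, value = event.get("TargetObject", "").lower().rpartition("\\")
        data = event.get("Details", "").lower()
        if value in SIP_VALUE_NAMES and any(f in key for f in SIP_KEY_FRAGMENTS):
            hits.append(SIG_SIGNATURES)
        if (PRINTPROC_FRAGMENT in key and "\\print processors\\" in key
                and value == "driver" and _basename(data) != DEFAULT_PRINTPROC_DLL):
            hits.append(SIG_PRINTPROC)
    return hits


def triage(events):
    """Map each signature to the indexes of the events that triggered it."""
    report = {}
    for i, ev in enumerate(events):
        for sig in classify(ev):
            report.setdefault(sig, []).append(i)
    return report


# Constructed telemetry (hypothetical names); one event per rule plus two benign controls.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\wevtutil.exe", "CommandLine": "wevtutil cl Security"},
    {"EventID": 1102, "Channel": "Security"},
    {"EventID": 1, "Image": r"C:\Windows\System32\powercfg.exe", "CommandLine": "powercfg /x -standby-timeout-ac 0"},
    {"EventID": 1, "Image": r"C:\Windows\System32\forfiles.exe",
     "CommandLine": r'forfiles /p C:\Windows\System32 /m notepad.exe /c "cmd /c calc.exe"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\icacls.exe",
     "CommandLine": r"icacls C:\Windows\System32\drivers\example.sys /grant Everyone:F"},
    {"EventID": 11, "TargetFilename": r"C:\Windows\System32\drivers\example.sys"},
    {"EventID": 13, "TargetObject": r"HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\exproc\Driver",
     "Details": r"C:\Windows\System32\spool\prtprocs\x64\example.dll"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll",
     "Details": r"C:\Windows\Temp\example.dll"},
    {"EventID": 13, "TargetObject": r"HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\winprint\Driver",
     "Details": "winprint.dll"},  # benign default
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},  # benign
]

if __name__ == "__main__":
    for sig, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {idx}")
```

The rules deliberately key on the same artifacts the descriptions above name (the log-clear event IDs, a non-default print processor Driver value, a rewritten SIP Dll/FuncName entry) rather than on file hashes, so they keep matching when the sample is repacked.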