55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa

Sharing

Copy URL

Twitter E-mail

General

Target

55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
Size

44KB
Sample

240705-z2dt8aybqe
MD5

66de90b30c5f73b1f99e8e610d6f1242
SHA1

818a867d1e637aea7093ad0505bf4d92ba64439a
SHA256

55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
SHA512

a947f178694ae02dd74c56ecd8883b65ecddf82a57b7e913a859984a87b54fb79228edb44e48b37fd0ab2340e6cc7c79b6e00cd523720815b866f6ffc7e86543
SSDEEP

768:Ctvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:SWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1

Targets

- Target
  
  55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
- Size
  
  44KB
- MD5
  
  66de90b30c5f73b1f99e8e610d6f1242
- SHA1
  
  818a867d1e637aea7093ad0505bf4d92ba64439a
- SHA256
  
  55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
- SHA512
  
  a947f178694ae02dd74c56ecd8883b65ecddf82a57b7e913a859984a87b54fb79228edb44e48b37fd0ab2340e6cc7c79b6e00cd523720815b866f6ffc7e86543
- SSDEEP
  
  768:Ctvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:SWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2