PSLoramyra: Technical Analysis of Fileless Malware Loader
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Hidden Window - T1564.003; Malware - T1587.001; Malware - T1588.001; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Hidden Window - T1143; Powershell - T1086
Common Information
Type | Value |
---|---|
UUID | 48915d33-a5e4-4158-a9b4-ce50909cc6ac |
Fingerprint | 2c028980ad322b8a |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 27, 2024, 11:15 a.m. |
Added to db | Nov. 27, 2024, 12:42 p.m. |
Last updated | Dec. 4, 2024, 2:51 p.m. |
Headline | PSLoramyra: Technical Analysis of Fileless Malware Loader |
Title | PSLoramyra: Technical Analysis of Fileless Malware Loader |
Detected Hints/Tags/Attributes | 42/2/21 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1007 | | any.run |
Details | Domain | 376 | | wscript.shell |
Details | Domain | 5 | | newpe2.pe |
Details | Domain | 3 | | ronymahmoud.casacam.net |
Details | File | 5 | | roox.ps1 |
Details | File | 5 | | roox.bat |
Details | File | 5 | | roox.vbs |
Details | File | 74 | | regsvcs.exe |
Details | File | 3 | | taskdefinition.settings |
Details | File | 2 | | c:\users\public\roox.vbs |
Details | File | 2 | | taskfolder.reg |
Details | File | 42 | | aspnet_compiler.exe |
Details | File | 2 | | c:\users\public\roox.bat |
Details | File | 2 | | c:\users\public\roox.ps1 |
Details | sha256 | 3 | | ac05a1ec83c7c36f77dec929781dd2dae7151e9ce00f0535f67fcdb92c4f81d9 |
Details | sha256 | 3 | | 9018a2f6018b6948fc134490c3fb93c945f10d89652db7d8491a98790d001c1e |
Details | sha256 | 3 | | d50cfca93637af25dc6720ebf40d54eec874004776b6bc385d544561748c2ffc |
Details | sha256 | 3 | | ef894d940115b4382997954bf79c1c8272b24ee479efc93d1b0b649133a457cb |
Details | IPv4 | 2 | | 3.145.156.44 |
Details | Url | 2 | | https://gchq.github.io/cyberchef/#recipe=find_ |
Details | Url | 1 | | https://intelligence.any.run/analysis/lookup/?utm_source=anyrunblog&utm_medium=article&utm_campaign=psloryama_analysis&utm_term=271124&utm_content=linktolookup#{%22query%22:%22commandline:%5c%22c:%5c%5c%5c%5cusers%5c%5c%5c%5cpublic%5c%5c%5c%5c*.vbs%5c%22%20and%20commandline:%5c%22c:%5c%5c%5c%5cusers%5c%5c%5c%5cpublic%5c%5c%5c%5c*.bat%5c%22%20and%20commandline:%5c%22c:%5c%5c%5c%5cusers%5c%5c%5c%5cpublic%5c%5c%5c%5c*.ps1 |