PSLoramyra: Technical Analysis of Fileless Malware Loader - ANY.RUN's Cybersecurity Blog
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Hidden Window - T1564.003 | Malware - T1587.001 | Malware - T1588.001 | Phishing - T1660 | Phishing - T1566 | PowerShell - T1059.001 | Hidden Window - T1143 | PowerShell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 5f10aeee-22ec-4096-8f50-495d33195211 |
Fingerprint | 2c0289a0ad3a2b8a |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Nov. 27, 2024, 11:09 a.m. |
Added to db | Nov. 27, 2024, 12:46 p.m. |
Last updated | Dec. 4, 2024, 2:51 p.m. |
Headline | PSLoramyra: Technical Analysis of Fileless Malware Loader |
Title | PSLoramyra: Technical Analysis of Fileless Malware Loader - ANY.RUN's Cybersecurity Blog |
Detected Hints/Tags/Attributes | 38/2/19 |
Source URLs
Redirection | Url |
---|---|
Source | https://any.run/cybersecurity-blog/psloramyra-malware-technical-analysis/ |
URL Provider
Provider | Source level domain |
---|---|
any.run | any.run |
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
14 | ✔ | ANY.RUN's Cybersecurity Blog | https://any.run/cybersecurity-blog/feed/ | 2024-08-30 22:08 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 1007 | | any.run |
Domain | 376 | | wscript.shell |
Domain | 5 | | newpe2.pe |
Domain | 3 | | ronymahmoud.casacam.net |
File | 5 | | roox.ps1 |
File | 5 | | roox.bat |
File | 5 | | roox.vbs |
File | 74 | | regsvcs.exe |
File | 3 | | taskdefinition.settings |
File | 2 | | c:\users\public\roox.vbs |
File | 2 | | taskfolder.reg |
File | 42 | | aspnet_compiler.exe |
File | 2 | | c:\users\public\roox.bat |
File | 2 | | c:\users\public\roox.ps1 |
sha256 | 3 | | ac05a1ec83c7c36f77dec929781dd2dae7151e9ce00f0535f67fcdb92c4f81d9 |
sha256 | 3 | | 9018a2f6018b6948fc134490c3fb93c945f10d89652db7d8491a98790d001c1e |
sha256 | 3 | | d50cfca93637af25dc6720ebf40d54eec874004776b6bc385d544561748c2ffc |
sha256 | 3 | | ef894d940115b4382997954bf79c1c8272b24ee479efc93d1b0b649133a457cb |
IPv4 | 2 | | 3.145.156.44 |