Deobfuscating PowerShell Malware Droppers
Tags
| country: | Moldova Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Software - T1592.002 Visual Basic - T1059.005 Powershell - T1086 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 5f53b322-92f4-4026-a128-b1ed14eb7240 |
| Fingerprint | ae41a1026d3d43d4 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 27, 2021, 5:51 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 16, 2024, 11:18 a.m. |
| Headline | Deobfuscating PowerShell Malware Droppers |
| Title | Deobfuscating PowerShell Malware Droppers |
| Detected Hints/Tags/Attributes | 59/3/8 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 228 | system.io |
|
| Details | File | 1 | dropper_part_2.ps1 |
|
| Details | File | 44 | payload.bin |
|
| Details | File | 23 | payload.dll |
|
| Details | sha1 | 1 | d117643019d665a29ce8a7b812268fb8d3e5aadb |
|
| Details | sha256 | 3 | 134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8 |
|
| Details | sha256 | 2 | 187bf95439da038c1bc291619507ff5e426d250709fa5e3eda7fda99e1c9854c |
|
| Details | sha256 | 2 | b93484683014aca8e909c9b5648d8f0ac21a45d0c193f6ca40f0b01d2464c1c4 |