Symbol: ps1.powertrash

POWERTRASH

Actor(s): FIN7


This malware, written in PowerShell, is an in-memory dropper used by FIN7 to execute its embedded payload. According to Mandiant's blog article: "POWERTRASH is a uniquely obfuscated iteration of a shellcode invoker included in the PowerSploit framework available on GitHub."

References
2022-04-22 | Mandiant | Mandiant
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
POWERTRASH Carbanak DICELOADER STONEBOAT

There is no Yara-Signature yet.