General

  • Target

    giQz49tA.bat

  • Size

    191B

  • Sample

    200213-ph7s43pgp2

  • MD5

    65b0f5ebdc015931ab17494a03d6003e

  • SHA1

    23da57e56f22bac192ac36a8f9d28b720f3d4411

  • SHA256

    7fa558904199013868079280720136227112f529d7d2adebd3a416d13152bc81

  • SHA512

    ea26cd1b9a9ef92367912528bcd34550b33ecc854b9e1f79e2f0ec0bf31da3baebb0e010c4a8414121e7e8fdfdcf3fb0b04406205b6e2986e880c43850bf045d

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    http://185.103.242.78/pastes/giQz49tA

Targets


    Score
    10/10
    • Blacklisted process makes network request

    • Program crash

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks