General

  • Target

    GVgtQJBJ.bat

  • Size

    190B

  • Sample

    200215-4echhtw1y6

  • MD5

    43aa3aa760b027464f28fbfc9d0c55a0

  • SHA1

    65acd51ec84efc93eb63b3e3bdbb480c0c289a59

  • SHA256

    43c10d88fd76dc052407f716ed13c4e2f1a6a3ec6c6227edc40cb7cbf44ecec2

  • SHA512

    78f7c8df5289589d41d82a139e1abbb49dd25f39c69ce5acf9d929634b9cb3f0e1c112b1c4794e5f4a322a7ee3248e4f0cbd6950c81cee80d044b164f1d320a1

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    http://185.103.242.78/pastes/GVgtQJBJ

Targets

    • Target

      GVgtQJBJ.bat

    Score
    10/10
    • Blacklisted process makes network request

    • Program crash

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (2)

  • System Information Discovery

    T1082 (2)

Tasks