General

  • Target

    MZaFjXR9.bat

  • Size

    198B

  • Sample

    200215-xbgc2gwqes

  • MD5

    ff4674f745e02aea836dd603452a716a

  • SHA1

    9fc43aa7e1c2e0020cbf8f409b3cd3df2426642f

  • SHA256

    26fc83bb569b179f22dd0ebba9f4f4c3e7a6df6dec05a2732d6742b988d77616

  • SHA512

    37bf8d62caae16b9adb53c9b8c34ec6494a1a182fac61bc0002579d4c3c803ba8d3b80820d6936e84db77ac2cf18ffaac330ed68d103ffad65cb9fc6288e50d5

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://185.103.242.78/pastes/MZaFjXR9

Targets

    • Target

      MZaFjXR9.bat

    Score
    10/10
    • Blacklisted process makes network request

    • Program crash

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082
