4539abba5b497555fd5b7ab3275ea1894e698f826e8af2eb2cca83acdbcd88e2 | Triage

Submit
Reports

Overview

overview

Static

static

kekpop.cmd

windows7_x64

9

kekpop.cmd

windows10-2004_x64

Sharing

General

Target

kekpop.cmd.zip
Size

10KB
Sample

220513-vb15lshdc7
MD5

b35cd46a745bb2cae76ec21842acd51c
SHA1

6200dbfeb6565543feabc3556cec62fe3992eaf2
SHA256

4539abba5b497555fd5b7ab3275ea1894e698f826e8af2eb2cca83acdbcd88e2
SHA512

c87029c5f2e990bc9ce878d9a57c72170c5d0735f1a5cad371e6a979ba95bc2db255e24c9cdb222c04e5426737a0b428e70171341b38bb5e73f8bf0ed60f3248

Score

10^/10

evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

kekpop.cmd

Resource

win7-20220414-en

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

kekpop.cmd

Resource

win10v2004-20220414-en

evasion persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cdn.discordapp.com/attachments/971160786015772724/971191444410875914/GetToken.exe

Targets

- Target
  
  kekpop.cmd
- Size
  
  47KB
- MD5
  
  f190183b6a6f55daa406c25cf5da66d8
- SHA1
  
  89168542e0cec21bbafeafe39361994194576f61
- SHA256
  
  ea81248fddbf9080018845bf7862b9ceb8ab942526c1adcf20030f043c57ad99
- SHA512
  
  e28483273e68945b12baf8319ddafc58a65e82883c79fec47add970429f7b8ac02d91b7f68612058c0530ae6bfd66af959a0f6222e09acc81e816ca34c3ec448
Score

10^/10

evasion persistence spyware stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Account Manipulation

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistencespywarestealer

© 2018-2024

Terms | Privacy