General
Target: kekpop.cmd.zip
Size: 10KB
Sample: 220513-vb15lshdc7
MD5: b35cd46a745bb2cae76ec21842acd51c
SHA1: 6200dbfeb6565543feabc3556cec62fe3992eaf2
SHA256: 4539abba5b497555fd5b7ab3275ea1894e698f826e8af2eb2cca83acdbcd88e2
SHA512: c87029c5f2e990bc9ce878d9a57c72170c5d0735f1a5cad371e6a979ba95bc2db255e24c9cdb222c04e5426737a0b428e70171341b38bb5e73f8bf0ed60f3248
Static task: static1
Behavioral task: behavioral1
  Sample: kekpop.cmd
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: kekpop.cmd
  Resource: win10v2004-20220414-en
Malware Config
Extracted: https://cdn.discordapp.com/attachments/971160786015772724/971191444410875914/GetToken.exe
Targets
Target: kekpop.cmd
Size: 47KB
MD5: f190183b6a6f55daa406c25cf5da66d8
SHA1: 89168542e0cec21bbafeafe39361994194576f61
SHA256: ea81248fddbf9080018845bf7862b9ceb8ab942526c1adcf20030f043c57ad99
SHA512: e28483273e68945b12baf8319ddafc58a65e82883c79fec47add970429f7b8ac02d91b7f68612058c0530ae6bfd66af959a0f6222e09acc81e816ca34c3ec448
Score: 10/10
- Grants admin privileges: uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory