General
-
Target
YourCyanide.cmd
-
Size
90KB
-
Sample
220518-avncmsbbb7
-
MD5
4cb725f17bec289507f9e8249c8ea80e
-
SHA1
a7034e84cb884bf90e61ce3b621424bec57334ae
-
SHA256
1f3e3ed8e708fc98bddddca71de7b9e21c6d2a4b2bf019c260e0b707140f9f62
-
SHA512
776982eab99b1285c209b71e2fd39e2765e9ce392a6c310208e72157dab3895b0b5a7c8b63d72e69bc507c88faec90a2f8f57788873f1a617a2659e22d2b7288
Static task
static1
Behavioral task
behavioral1
Sample
YourCyanide.cmd
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
YourCyanide.cmd
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Users\Admin\Desktop\YcynNote.txt
Extracted
https://cdn.discordapp.com/attachments/971160786015772724/971191444410875914/GetToken.exe
Extracted
C:\Users\Admin\Desktop\YcynNote.txt
Targets
-
-
Target
YourCyanide.cmd
-
Size
90KB
-
MD5
4cb725f17bec289507f9e8249c8ea80e
-
SHA1
a7034e84cb884bf90e61ce3b621424bec57334ae
-
SHA256
1f3e3ed8e708fc98bddddca71de7b9e21c6d2a4b2bf019c260e0b707140f9f62
-
SHA512
776982eab99b1285c209b71e2fd39e2765e9ce392a6c310208e72157dab3895b0b5a7c8b63d72e69bc507c88faec90a2f8f57788873f1a617a2659e22d2b7288
Score10/10-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-