General

  • Target

    xxicqf.bat

  • Size

    325KB

  • Sample

    230125-mpa7cafg47

  • MD5

    4f3c7ff71a35d8abaf90dd0f2353b621

  • SHA1

    b42e3e4ea9ff13c978d1b614f06f2d86735e495d

  • SHA256

    76fc358fa8b3b845ac771bd4dd0746bb49f537ebcf61737e9ee4e5582fdd133a

  • SHA512

    a81106eea5988266fe759d22393b3b5f745c4e27db367ba930913c29c5afe03cac374112c1ec312c2f267d8477eab1e8f2bdf709c28b0a3ef0f90f762cdc982f

  • SSDEEP

    6144:sb0ERTjCC/oq28xqqHBykjjIxEfTKyRfFysWiS3IzZK/DPcAW:sbXjCC/oX8x3HBykjMxsmyRf1UaKTcAW

Score
8/10

Malware Config

Targets

    • Target

      xxicqf.bat

    • Size

      325KB

    • MD5

      4f3c7ff71a35d8abaf90dd0f2353b621

    • SHA1

      b42e3e4ea9ff13c978d1b614f06f2d86735e495d

    • SHA256

      76fc358fa8b3b845ac771bd4dd0746bb49f537ebcf61737e9ee4e5582fdd133a

    • SHA512

      a81106eea5988266fe759d22393b3b5f745c4e27db367ba930913c29c5afe03cac374112c1ec312c2f267d8477eab1e8f2bdf709c28b0a3ef0f90f762cdc982f

    • SSDEEP

      6144:sb0ERTjCC/oq28xqqHBykjjIxEfTKyRfFysWiS3IzZK/DPcAW:sbXjCC/oX8x3HBykjMxsmyRf1UaKTcAW

    Score
    8/10
    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation

                      Tasks