General

  • Target

    xxicqf.bat

  • Size

    325KB

  • Sample

    230125-mpa7cafg47

  • MD5

    4f3c7ff71a35d8abaf90dd0f2353b621

  • SHA1

    b42e3e4ea9ff13c978d1b614f06f2d86735e495d

  • SHA256

    76fc358fa8b3b845ac771bd4dd0746bb49f537ebcf61737e9ee4e5582fdd133a

  • SHA512

    a81106eea5988266fe759d22393b3b5f745c4e27db367ba930913c29c5afe03cac374112c1ec312c2f267d8477eab1e8f2bdf709c28b0a3ef0f90f762cdc982f

  • SSDEEP

    6144:sb0ERTjCC/oq28xqqHBykjjIxEfTKyRfFysWiS3IzZK/DPcAW:sbXjCC/oX8x3HBykjMxsmyRf1UaKTcAW

Score
8/10

Malware Config

Targets

    • Target

      xxicqf.bat

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Hidden Files and Directories: T1158 (1)

  • Defense Evasion

    Hidden Files and Directories: T1158 (1)

  • Discovery

    Query Registry: T1012 (3)

    System Information Discovery: T1082 (4)

    Remote System Discovery: T1018 (1)

Tasks