General

  • Target

    Generar.cmd

  • Size

    20KB

  • Sample

    230131-n6fc3agb84

  • MD5

    790fe7db1e293a9b7697a7ad80b24477

  • SHA1

    393a2697ab0056dc0e25411084b1f37c344f6922

  • SHA256

    33e45ddb990c72ac719f1fad9f17b15201bd8c508b9a50d67c42c84d169c8e40

  • SHA512

    5d407b9116be6427eaadd41c587ccdc1f5ba3051b532ed016a0847373dc080b8d9f0a86e8e1d761b9b296250dd4648b1e20cfbcf8abd5007e1948b55d8512991

  • SSDEEP

    192:BHzSSRPDl5qn9EgdIgGKEom9zPNJYQYEoy3YOiNawJ3LSsyTkCPcv:1/C9vw/ejmQOFkCPcv

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData?audienceFFN=492350f6-3a01-4f97-b9c0-c7c6ddf67d60

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData?audienceFFN=492350f6-3a01-4f97-b9c0-c7c6ddf67d60&osver=Client|6.1.0

Targets

    • Target

      Generar.cmd

    Score
    10/10
    • Blocklisted process makes network request
