75ce85c7868efffdd665bf1234b0e2cfc31a5bd24a493cfb6e237e7de32cb73e | Triage

Submit
Reports

Overview

overview

8

Static

static

4qo856.bat

windows7-x64

8

4qo856.bat

windows10-2004-x64

8

Sharing

General

Target

4qo856.bat
Size

2.1MB
Sample

230202-h9ecaahd2t
MD5

e8939f95a675b9fb924eebe38827c456
SHA1

fc8b276222231d8184c21c69b655903b84a59430
SHA256

75ce85c7868efffdd665bf1234b0e2cfc31a5bd24a493cfb6e237e7de32cb73e
SHA512

f149ca122eddf7e8f611427ebd146608096884ee3b9e4b97c77d2771f6119afb13f357a3d5192e099a6168606c3d3c151eefe36779f8c82640b8a2b2a75c5e08
SSDEEP

24576:NnNaBvX2dfBil92AzBE4y1/feTDVzt6iZ+9/5KbCSfpItxCxe0U1k2jPaez/+L6a:KGwl2vuuiY50Tk91HLiA5dLkll1n

Score

8^/10

microsoft persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

4qo856.bat

Resource

win7-20220901-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4qo856.bat

Resource

win10v2004-20221111-en

microsoft persistence phishing

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  4qo856.bat
- Size
  
  2.1MB
- MD5
  
  e8939f95a675b9fb924eebe38827c456
- SHA1
  
  fc8b276222231d8184c21c69b655903b84a59430
- SHA256
  
  75ce85c7868efffdd665bf1234b0e2cfc31a5bd24a493cfb6e237e7de32cb73e
- SHA512
  
  f149ca122eddf7e8f611427ebd146608096884ee3b9e4b97c77d2771f6119afb13f357a3d5192e099a6168606c3d3c151eefe36779f8c82640b8a2b2a75c5e08
- SSDEEP
  
  24576:NnNaBvX2dfBil92AzBE4y1/feTDVzt6iZ+9/5KbCSfpItxCxe0U1k2jPaez/+L6a:KGwl2vuuiY50Tk91HLiA5dLkll1n
Score

8^/10

persistence microsoft phishing
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing

© 2018-2024

Terms | Privacy