General

  • Target

    HmUnban.Bat

  • Size

    2KB

  • Sample

    230417-skqn5agd3s

  • MD5

    1719d598ec3f8e8439a0da90ff9baa9d

  • SHA1

    14e4e92dcf6cf251b1d6896120bedf54dc37e39d

  • SHA256

    df6962bda69e8939ffe4c4dafd96757a45a6ed308ee6b153304658385a9d19e8

  • SHA512

    e9d4c613e0b17776c76b911c998cd428cf255a78d196a511f40fe287b15b99ac6ae60251278678789b9d28bde05cb98c8aaa4f602262ddc29fec4f5dd30aef54

Targets

    • Target

      HmUnban.Bat

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
