General

  • Target

    dicknball.bat

  • Size

    14.6MB

  • Sample

    230525-wlx2dabf35

  • MD5

    8bb1c74894af5a81f9d64e49f4ebefcc

  • SHA1

    c684efdbe5b94928169d1067990259ce6c2bb989

  • SHA256

    b840606a08be79c493cf59452a14c70a7460461ba76af537dfc306100d6c3577

  • SHA512

    0ea08608d8f1ee1e39d8a3759b349be8e261f73cc636424c62eee8254298f4e25adab9e35dfbae6ba9dcda0c4ec13f8f128ca0bed4f31769234597464b1af481

  • SSDEEP

    49152:AN382RL0eJj2XVZ+zdcr7S7sEmT48+lRBLWXW2yp0Wlz81DpsUEasnJ4oCribRUK:K

Score
10/10

Targets

    • Target

      dicknball.bat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
