General

  • Target

    document.tar.gz

  • Size

    67KB

  • Sample

    230605-r1d5lahf8t

  • MD5

    c502e747305508b156309d85ab9a7090

  • SHA1

    d83d588be557e841c206059dbb67d4d4c03aa20a

  • SHA256

    ff9e6a9ea83c0791f89d465fcc5a3631ae5da0d7cef86bfc71dd720d26407c0d

  • SHA512

    38f49e455cc6f7a11eeff915a0e8b53f1b6cbd84d5a018446e482e1cf3e445b890e88a3614eb93cad27762024a9e933650bfb1d798ad72b7e6737657405afd4c

  • SSDEEP

    1536:kRly1SUhBa0QcrD+JuN7wq/F7Oyb1L53+74NOooeLdVyZ2wpWctCw:ulcXUmD+JAwg7Oytw7585O2gZj

Malware Config

Targets

    • Target

      document.bat

    • Size

      93KB

    • MD5

      402b00d4f615d7ce65aaaabd4cf05284

    • SHA1

      451b2ad1ccc25e971819b81b34b4a29b118e9828

    • SHA256

      be4a40d3aeeaefc89bcd5517566d12b3c351f0f349eace2a5e536c77fc41a0e7

    • SHA512

      ccfdef0e518e28fcdc721403ec15615aedbec51ffa57db32a8e151f4065d5706b4a0fda8c45a9dec32330ea530c357e54907f028a4506f0be13516a2645cfdf0

    • SSDEEP

      1536:j/dOdT5xTaCpf2TWQ/FgHh4iNXVEMh7B65IAwFbUxZxtn6rBMX+yGAJmTLSJOU6e:jlO1N5Q/FgH5NXVtwGZQxrtn6ryu8ZY0

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks