General

  • Target

    batch2.zip

  • Size

    374.7MB

  • MD5

    65820b5345cae498c44cf90c63dd3160

  • SHA1

    857f6b35c2e69a4df8e52094ef1f9acaacee8c60

  • SHA256

    7a3b1e9c8df660dc1c1cf9b17411c1d6a4ffca364712c5de8ac46b1199ece1ce

  • SHA512

    576df56b28250d69aeb9c95070a453928336c7beabe45b3bc108669810ffb2316a69bdf785b8472787328556d25ccd62d30e36d4945adb85e45a800369dce388

  • SSDEEP

    6291456:Wfj+M5AE4HECh6/6p3vBaD0OFMZTuw8XPWD29On+lctEu6ieDAR43Wr/ggjghaFd:WfJAEIECpXfOFM+PWyNlZu6ieDASmr/B

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro (1 IoC)

    Office document that carries a VBA macro project.

  • Unsigned PE (4 IoCs)

    PE file with no Authenticode signature.
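The two signature checks above, and the hash matching against the General section, can be reproduced offline without the sandbox. The Python below is an added example and is not the sandbox's own detection code: it treats an Office 2007 document as the OOXML zip it is and looks for a `vbaProject.bin` part, and it reads the PE optional header to see whether the security data directory (the Authenticode certificate table) is populated. The Office document, the PE headers and the file names it runs over are constructed in memory as stand-ins and are not the samples in this report.

```python
# Added example: offline reproduction of 'Suspicious Office macro' and 'Unsigned PE'.
import hashlib
import io
import struct
import zipfile
from typing import Dict, List, Optional

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory index of the certificate table


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 as hex, the form the report's General section lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def has_vba_project(data: bytes) -> bool:
    """OOXML (.docm/.dotm/.xlsm) is a zip; macros live in word/vbaProject.bin
    or xl/vbaProject.bin. Legacy OLE2 .doc/.xls is a different container and
    is deliberately not handled here."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def authenticode_present(data: bytes) -> Optional[bool]:
    """True if the PE's security directory is non-empty (an embedded Authenticode
    blob), False if it is empty, None if the input is not a PE. Presence is not
    validity: a real check verifies the PKCS#7 signature, the file hash it
    covers and the certificate chain."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                      # optional header follows the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                           # PE32
        ndirs_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        ndirs_off, dd_off = opt + 108, opt + 112
    else:
        return None
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    # For this entry the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return offset != 0 and size != 0


def triage(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run both checks over a name->bytes map and group hits by signature name."""
    hits: Dict[str, List[str]] = {"Suspicious Office macro": [], "Unsigned PE": []}
    for name, data in files.items():
        if has_vba_project(data):
            hits["Suspicious Office macro"].append(name)
        if authenticode_present(data) is False:
            hits["Unsigned PE"].append(name)
    return hits


def build_pe32(security_size: int) -> bytes:
    """Constructed stand-in: minimal PE32 header (no sections, not loadable)
    whose security directory is empty or points at a pretend certificate table."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if security_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x200, security_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def build_ooxml(with_macros: bool) -> bytes:
    """Constructed stand-in: minimal Office 2007 zip, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\0" * 28)
    return buf.getvalue()


# Placeholder names and constructed contents, not the files in this report.
SAMPLES = {
    "macro.dotm": build_ooxml(True),
    "clean.docx": build_ooxml(False),
    "unsigned.exe": build_pe32(0),
    "signed.exe": build_pe32(0x1800),
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
}

if __name__ == "__main__":
    for sig, names in triage(SAMPLES).items():
        print(f"{sig}: {len(names)} IoCs -> {names}")
    print(digests(SAMPLES["unsigned.exe"])["sha256"])
```

`authenticode_present` only answers whether a certificate table exists, which is what the "Unsigned PE" signature keys on; whether an existing signature is valid and chains to a trusted root is a separate question, answered on Windows with `Get-AuthenticodeSignature` or `signtool verify /pa`. For the macro check on real samples, oletools' `olevba` handles both the OOXML zip container used here and the OLE2 `.doc` format this example skips.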

Files

  • batch2.zip
    .zip
  • 1.rar
    .rar
  • Ehhbsuuemv.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
    Code Sign
  • GjIEmKW.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • Jtvcsfni.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
    Code Sign
  • OriginalBuild.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
    Code Sign
  • PUMPED_docc.exe
    .exe windows x86
    MD5 f34d5f2d4577ed6d9ceec516c1f5a744
  • Servicing-invoice-template.pdf
    .pdf
  • cgu3.rar
    .rar
  • debt.rtf.rar
    .rar
  • eeee.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • egor.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • errr.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • example.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • fasfs.dotm
    .dotm office2007
    VBA modules: ThisDocument, NewMacros
  • ferrr.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • fffffffnew.dotm
    .dotm office2007
    VBA modules: ThisDocument, NewMacros
  • fp4h5ur67j.exe
    .exe windows x86
    MD5 bd611a3ea18453d145c1df89ce6e10c9
    Code Sign
  • ketoshi.exe
    .exe windows x64
    MD5 04cdeb223f1373b46c9f3263ea80b584
    Code Sign
  • newsolway.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • passporsh.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • powershell.exe
    .exe windows x64
    MD5 bf7a6e7a62c3f5b2e8e069438ac1dd3d
  • prom.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • putty.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • putty.exe
    .exe windows x64
    MD5 69573714e11441683ea863c40a1c0d54
    Code Sign
  • q_-_Copy_original.exe
    .exe windows x86
    MD5 aac51396886833dc961fcd7aab7711e4
  • r.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • rom.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • solway.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • ss.dotm
    .dotm office2007
    VBA modules: ThisDocument
  • testdlyailyi.dotm
    .dotm office2007
    VBA modules: ThisDocument, Module1