General

  • Target

    Uni.bat

  • Size

    12.6MB

  • Sample

    230719-mx13qscf62

  • MD5

    488a8bd72bd92554832ec260181e949b

  • SHA1

    459fa680872a35b9186f45d82d29e0d60564fc10

  • SHA256

    a5158b467cd4fcb6167f067dccc92bde8a850a486cdb4e29283bf755ab4566f5

  • SHA512

    2de3a9d623a833cdbf9e53c59473b1c0b0a051c4e85b5ffcdd905b0af8a68a038864fa4d9d5dc195fe2851bcd1433495b883b7069862791f1242a6a4df466447

  • SSDEEP

    49152:Lp2NpugSn0aCmtTHe6yNf0PlKAKLngb17yEo8bb8dSNMPOVnUvso+0L9zaTsGbxk:O

Score
10/10

Malware Config

Targets

    • Target

      Uni.bat

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks