General

  • Target

    2.bat

  • Size

    782B

  • Sample

    230818-a6yyhsfh9w

  • MD5

    e6957230366cbecd6017c404ea14dd7b

  • SHA1

    41f22e19c8fc8626e51c810f5591924edb4032af

  • SHA256

    d6b0736eee2f32145f395b48b7b94b65f326f2d03469016d3b1885c10b68ca67

  • SHA512

    a93f06ee40f0a8f67b69a36acc14863cf1fc25f1815fec816297ee3207452fbd497a9f7262dd832d2731ab54596d86efadd4704934009315681f2986bb77391e

Score
9/10

Targets

    • Target

      2.bat

    Score
    9/10
    • Contacts a large (7968) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Legitimate hosting services abused for malware hosting/C2
