General

  • Target

    2.bat

  • Size

    917B

  • Sample

    230820-159lqshf96

  • MD5

    fbb67799f50529f73b23eb18adc82bfe

  • SHA1

    b37bb6cc43cbc67de465ea562b5a72cda751ac79

  • SHA256

    703a75d65ca3be70d6baf836e3dc9728e84c46a7474c1e02f1e5096906ba39a5

  • SHA512

    39f7125f0c33b92ca72ad9dd50632fe4c48b100431593c08373d92123679edcb571f2546078351170a854ba75a0edd3e6b951556939120610aa6981e384d768d

Malware Config

Targets

    • Contacts a large number (7968) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks