General

  • Target

    vn.cmd

  • Size

    1KB

  • Sample

    230821-l37a9sdh8x

  • MD5

    a71df40a110816c166da52991c858cb6

  • SHA1

    438cb6b47b97376d907da0f38c30d46b82ea3065

  • SHA256

    c89a9d9bcf31965c1d0cb1a80cc0269c84aaa368c5d2457262396a4f87ead940

  • SHA512

    beeefff51cf6670b4058efe5129d069472c4c3a08cb3cb6f45af54be2bd325007c6a1ef59011e191a71f3b226a40e9b18d5ae34ad5c9a14a7335818f0c51740b

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
