General

  • Target

    b034f40e64dbb5207009f97873aead10cf0ad0ef0dd0f494f1125e5050c91417_JC.rar

  • Size

    783KB

  • Sample

    231004-wyn91adg9v

  • MD5

    b5855a31c59320c5fca189e833f8bd81

  • SHA1

    04781ba000d8cd63f0e951ea25a4c3727d7d39a4

  • SHA256

    b034f40e64dbb5207009f97873aead10cf0ad0ef0dd0f494f1125e5050c91417

  • SHA512

    5652be39e50c9c5ff6fa2c34de47bc35249740b15b5a272a9c75bc43441f703008701739113305c2e411b2b2edb9b315a97f828524061ef8f6854a2c26002443

  • SSDEEP

    12288:bwVBFNKl9Ga7Pa5aEtf/wFQgGchCwdwZXaUHVu52eJdMrBeHwnTh7G2qiwOEYFV3:b2G9GalG4FQgGcvgXryjq9eQnhG2tFt

Malware Config

Targets

    • Target

      PRE-ALERT SKLZ2112352 00 SHANGHAI.bat

    • Size

      1014KB

    • MD5

      9ecae039ff7e74e184ea9d1a85f19193

    • SHA1

      0c47dd3f189d2a82ac1b7ee81527c66e51317f80

    • SHA256

      c8298ea15d9737ceb275406b2d50919d012195a4e9a0f3be1f514fc364348b9f

    • SHA512

      a919ad35d81a320a9a53a99607a786dc1502942d66791e233ce7f2276b77330cc94b8c86e3014995537d3f6e96c1f928d9a2d8b936c24066fdc77dd0cc130a3a

    • SSDEEP

      24576:n8GMSchpW98EOD2CwBzCF4LqPc5AhS9REGfYJEL:08biYS+AO

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks