General

  • Target

    Quotation 9117990927023.bat

  • Size

    1013KB

  • Sample

    231013-jgyqwsff7y

  • MD5

    82ea0e8631cc002a509a86edc2882e90

  • SHA1

    76d51a264ce95c422947a7563d08d229be03f4e6

  • SHA256

    4b1314d38a54e24ee3cb36e2485ff1a3b7e9d3bd9e0feebc71ef955653f4e3d3

  • SHA512

    c23720a1f359a2c1d0e20db1f92a8fe5383170279bdc7b68f6fca3e5e3365c530401156aec8bfd5a7d22ff98f188413ebd4609bb4ca2aa900177daab84c5717e

  • SSDEEP

    24576:bO6nHMuwW4sVl0A2ahdLNpQeu+SqME0N95Nw515:fnmodHdUgP

Targets

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
