34cee39adde2085b35877f67de147823542b42abe65b7b0cccee40bc58a5713f | Triage

Submit
Reports

Overview

overview

9

Static

static

7

bat_win_sp...V2.exe

windows10-2004-x64

9

Sharing

General

Target

bat_win_spoofer_V2.exe
Size

5.3MB
Sample

231122-s5fdwsea6v
MD5

a51b03d97b998e3c3fa32cae922da7ee
SHA1

762286e273a51c3af772b37528f22c4c11c5d44b
SHA256

34cee39adde2085b35877f67de147823542b42abe65b7b0cccee40bc58a5713f
SHA512

e00475411326d74a825be3112383684cee5dca67cd00cea5aa62c47a5d56b0330ab7d08e1403051b746aafd722080e7ff484915bd7ab2623413786e4c127bb72
SSDEEP

98304:71mP2axDElUcnFcsB+fe74m6n4k/nPS53bGGaW1wcOU6VtbOGmUIjIQ82rjM9gm7:JkolfpM49LdHOU6/O3X+2/M9uE

Score

9^/10

evasion pyinstaller upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bat_win_spoofer_V2.exe

Resource

win10v2004-20231020-en

evasion pyinstaller upx vmprotect

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  bat_win_spoofer_V2.exe
- Size
  
  5.3MB
- MD5
  
  a51b03d97b998e3c3fa32cae922da7ee
- SHA1
  
  762286e273a51c3af772b37528f22c4c11c5d44b
- SHA256
  
  34cee39adde2085b35877f67de147823542b42abe65b7b0cccee40bc58a5713f
- SHA512
  
  e00475411326d74a825be3112383684cee5dca67cd00cea5aa62c47a5d56b0330ab7d08e1403051b746aafd722080e7ff484915bd7ab2623413786e4c127bb72
- SSDEEP
  
  98304:71mP2axDElUcnFcsB+fe74m6n4k/nPS53bGGaW1wcOU6VtbOGmUIjIQ82rjM9gm7:JkolfpM49LdHOU6/O3X+2/M9uE
Score

9^/10

evasion pyinstaller upx vmprotect
- Looks for VirtualBox Guest Additions in registry
  evasion
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpyinstallerupxvmprotect

© 2018-2025

Terms | Privacy