General
Target: main_obf.bat
Size: 3.3MB
Sample: 231128-h5hh5sgb8z
MD5: b7cdd43c690b6f00668ce8c1675d00d4
SHA1: 99b96b30be46250658c29d983ffae99840bb9d06
SHA256: 3b4522e24880a92e0efbff78c221678983c7d994b6bfacce04ceece21f0a60a7
SHA512: 4aaf2da39127e81533b71bf571f6d7dab9c20a0b3e898448e9443bd89ed4c04c2c7bc3354438b3558310e2909ed8ba15116ff9e5b2ad21b0a938f6fe8618f116
SSDEEP: 6144:7zrbs20RR7orb8GitYwYN4vkt9oVCTlGMe6pCIPqBkB4slpp0CswOw3XGI19UZua:7FOR7GbVitpU4/VCnCIPZp8zeTgz
Static task: static1
Behavioral task: behavioral1
Sample: main_obf.bat
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: main_obf.bat
Resource: win10v2004-20231127-en
Malware Config
Extracted: https://sped.lol/powershell/virus
Extracted: https://discord.com/api/webhooks/1154180923730952313/_PKvnk60qDFzsFkQO8fp1gMBHfV8EO_aqWU9lOEByDSlOoR8WCPSZNscUhNLA3TMZcb8
Targets
Target: main_obf.bat
Score: 10/10
Blocklisted process makes network request
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.