General

  • Target

    main_obf.bat

  • Size

    3.3MB

  • Sample

    231128-h5hh5sgb8z

  • MD5

    b7cdd43c690b6f00668ce8c1675d00d4

  • SHA1

    99b96b30be46250658c29d983ffae99840bb9d06

  • SHA256

    3b4522e24880a92e0efbff78c221678983c7d994b6bfacce04ceece21f0a60a7

  • SHA512

    4aaf2da39127e81533b71bf571f6d7dab9c20a0b3e898448e9443bd89ed4c04c2c7bc3354438b3558310e2909ed8ba15116ff9e5b2ad21b0a938f6fe8618f116

  • SSDEEP

    6144:7zrbs20RR7orb8GitYwYN4vkt9oVCTlGMe6pCIPqBkB4slpp0CswOw3XGI19UZua:7FOR7GbVitpU4/VCnCIPZp8zeTgz

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://sped.lol/powershell/virus

Extracted

Language
ps1
Source
URLs
exe.dropper

https://discord.com/api/webhooks/1154180923730952313/_PKvnk60qDFzsFkQO8fp1gMBHfV8EO_aqWU9lOEByDSlOoR8WCPSZNscUhNLA3TMZcb8

Targets

    • Target

      main_obf.bat

    Score
    10/10
    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks