3b4522e24880a92e0efbff78c221678983c7d994b6bfacce04ceece21f0a60a7 | Triage

Sharing

General

Target

main_obf.bat
Size

3.3MB
Sample

231128-h5hh5sgb8z
MD5

b7cdd43c690b6f00668ce8c1675d00d4
SHA1

99b96b30be46250658c29d983ffae99840bb9d06
SHA256

3b4522e24880a92e0efbff78c221678983c7d994b6bfacce04ceece21f0a60a7
SHA512

4aaf2da39127e81533b71bf571f6d7dab9c20a0b3e898448e9443bd89ed4c04c2c7bc3354438b3558310e2909ed8ba15116ff9e5b2ad21b0a938f6fe8618f116
SSDEEP

6144:7zrbs20RR7orb8GitYwYN4vkt9oVCTlGMe6pCIPqBkB4slpp0CswOw3XGI19UZua:7FOR7GbVitpU4/VCnCIPZp8zeTgz

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://sped.lol/powershell/virus

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1154180923730952313/_PKvnk60qDFzsFkQO8fp1gMBHfV8EO_aqWU9lOEByDSlOoR8WCPSZNscUhNLA3TMZcb8

Targets

- Target
  
  main_obf.bat
- Size
  
  3.3MB
- MD5
  
  b7cdd43c690b6f00668ce8c1675d00d4
- SHA1
  
  99b96b30be46250658c29d983ffae99840bb9d06
- SHA256
  
  3b4522e24880a92e0efbff78c221678983c7d994b6bfacce04ceece21f0a60a7
- SHA512
  
  4aaf2da39127e81533b71bf571f6d7dab9c20a0b3e898448e9443bd89ed4c04c2c7bc3354438b3558310e2909ed8ba15116ff9e5b2ad21b0a938f6fe8618f116
- SSDEEP
  
  6144:7zrbs20RR7orb8GitYwYN4vkt9oVCTlGMe6pCIPqBkB4slpp0CswOw3XGI19UZua:7FOR7GbVitpU4/VCnCIPZp8zeTgz
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2