Overview

overview

10

Static

static

1

e.bat

windows7-x64

10

e.bat

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    e.bat

  • Size

    1KB

  • Sample

    231229-rq5vkaeack

  • MD5

    546994081dca1f2af82e4c890936011d

  • SHA1

    db77f19befdbe7e144ffbdb33c3b1545c2ffa5be

  • SHA256

    e241c6debc60b2e1a3e43ad15942136a2bcb8829678b0dc1b390796ec3ec1ee1

  • SHA512

    17e7f3e47f0758c94211cef398801da2f45c6f8e456883ded74b23c79d86984371508da60c318576ee3f7953444d353463198be9480dfcd07be76fe27e32f791

Score
10/10
discoveryevasionexploit

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cloud.justastupidguy.repl.co/uploads/r.py

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cloud.justastupidguy.repl.co/uploads/e.py

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cloud.justastupidguy.repl.co/uploads/a.py

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cloud.justastupidguy.repl.co/uploads/shell1.py

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://cloud.justastupidguy.repl.co/uploads/shell.py

Targets

    • Target

      e.bat

    • Size

      1KB

    • MD5

      546994081dca1f2af82e4c890936011d

    • SHA1

      db77f19befdbe7e144ffbdb33c3b1545c2ffa5be

    • SHA256

      e241c6debc60b2e1a3e43ad15942136a2bcb8829678b0dc1b390796ec3ec1ee1

    • SHA512

      17e7f3e47f0758c94211cef398801da2f45c6f8e456883ded74b23c79d86984371508da60c318576ee3f7953444d353463198be9480dfcd07be76fe27e32f791

    Score
    10/10
    discoveryevasionexploit

    • Modifies Windows Firewall

      evasion

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks