a08fbdb03519aba94086698e6b0dfff6ecaf6a1898947319d807c039c8847156

Resubmissions

23/02/2024, 02:26

240223-cw8fbaaa2x 10

23/02/2024, 02:21

240223-cs7dvaae27 10

Sharing

Copy URL

Twitter E-mail

General

Target

main.bat
Size

1021B
Sample

240223-cs7dvaae27
MD5

2af9fa8f11372ee57de3a24d8194e933
SHA1

d762d1f8f41d945bed6ede83e0849abe72c45ead
SHA256

a08fbdb03519aba94086698e6b0dfff6ecaf6a1898947319d807c039c8847156
SHA512

a7f86397bb7d1feab2e8c42ffc7b164a0268d619a4cc8058af1d4b4cf61582f0efdae61bf2e292096f4fe2c17cee0913918fb3c866e4f7df81b48a5d7d66377d

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1210399637668888596/sq9DmWnxKx2Vge5EqmBBpL4Aiwl-hN_Dl0SLT0SDUAgRwBDBJETln7hznNqAh7pHoi4V

Targets

- Target
  
  main.bat
- Size
  
  1021B
- MD5
  
  2af9fa8f11372ee57de3a24d8194e933
- SHA1
  
  d762d1f8f41d945bed6ede83e0849abe72c45ead
- SHA256
  
  a08fbdb03519aba94086698e6b0dfff6ecaf6a1898947319d807c039c8847156
- SHA512
  
  a7f86397bb7d1feab2e8c42ffc7b164a0268d619a4cc8058af1d4b4cf61582f0efdae61bf2e292096f4fe2c17cee0913918fb3c866e4f7df81b48a5d7d66377d
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2