General
-
Target
loader_obf.bat
-
Size
3.6MB
-
Sample
240223-l9p1kaef3t
-
MD5
6531b28786be30434acd8a1f96529f4e
-
SHA1
fde3b17e4f2be4a42f5a1eaf1dbcd7024b50b171
-
SHA256
30ca15e0c27b369f12598b23f6e56ab3326ab02f124470bc455c3f85a91a23d1
-
SHA512
97b7b9c302d39b38ec933b780701499716dacf0428c1763e2b90067877d063666b71253c4f74f1e776b15054a1af35cbfdfd98c23536b3b5e797f67d0d998ffa
-
SSDEEP
6144:7194tl15KgM8/kaMfORd2PKXFasv/Spat2H0P3kL3d2yUY2E:S+gM84O8uawxt3ke8
Static task
static1
Behavioral task
behavioral1
Sample
loader_obf.bat
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
loader_obf.bat
Resource
win10v2004-20240221-en
Malware Config
Extracted
https://raw.githubusercontent.com/partymonster2/Batch-Scripts/main/explorer.bat
Extracted
cobaltstrike
http://192.168.158.132:443/SmYD
-
user_agent
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 2.0.50727)
Targets
-
-
Target
loader_obf.bat
-
Size
3.6MB
-
MD5
6531b28786be30434acd8a1f96529f4e
-
SHA1
fde3b17e4f2be4a42f5a1eaf1dbcd7024b50b171
-
SHA256
30ca15e0c27b369f12598b23f6e56ab3326ab02f124470bc455c3f85a91a23d1
-
SHA512
97b7b9c302d39b38ec933b780701499716dacf0428c1763e2b90067877d063666b71253c4f74f1e776b15054a1af35cbfdfd98c23536b3b5e797f67d0d998ffa
-
SSDEEP
6144:7194tl15KgM8/kaMfORd2PKXFasv/Spat2H0P3kL3d2yUY2E:S+gM84O8uawxt3ke8
Score10/10-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-