General

  • Target

    Bat2Exe-main.rar

  • Size

    926KB

  • Sample

    240228-baxagsfe4y

  • MD5

    a68d8d819c0d5218bb8984ad928a8cb1

  • SHA1

    575f96b5cd0d8f62ccf7415dfcc2cb19a6ea62f2

  • SHA256

    1ba110b17eac396a440060850d992c125eb4ba7acbb3479399170af36cdace6a

  • SHA512

    d79380deddc001dd3ba28204498ca2e1896841d025c521fd35576290c86a5b1c70c53b1523f3a1e9de257338ef69045740bf7418bf413b65b189bdacd7e42eac

  • SSDEEP

    12288:X/VU1fK7QZu519cVuSziZWjSz9b6aWRMx5z1wQ2CZZDGYEBKPuCxrtHqhoJDBIn:X/qu5QVuSe95Ksh1120EBHCs

Score
7/10

Malware Config

Targets

    • Target

      Bat2Exe-main.rar

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks