General

  • Target: Dark_Store.bat
  • Size: 13KB
  • Sample: 240405-tpp4tsge7y
  • MD5: 69069bbb870f601aa4d0be94219bfc8a
  • SHA1: 5a5cfa40d48e2853ba26df9c006de00be82a536a
  • SHA256: f7b6c95549dae14a2f329d854b39b13b49c0cc9aa1503713d03fb55307d62ff1
  • SHA512: 3047c87557b66ee6ea8f7ad95561c658f782ecbcfaf281d37518f2a6c423e3dd7577076dfe0d3ad0da07d42606165dfc32e125870820d6edd62fd360b409e893
  • SSDEEP: 384:p9+4vYKSDB7EEzsmERH5Zc94dL7EEzsmE7HBZBubZQ+owhJl:P+AODDbSos

Score
10/10

Malware Config

Targets

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks