D34TH 5[.]0 [.]bat

Resubmissions

04/05/2024, 23:58

240504-31myaaba43 7

04/05/2024, 23:58

240504-31g22afh3x 7

04/05/2024, 23:43

240504-3qrtgsaf54 10

Sharing

Copy URL Twitter E-mail

General

Target

D34TH 5.0 .bat
Size

5KB
MD5

976f1aebe71046042e86d80ca9d4499f
SHA1

6a1d1473d11426150b485e263696ef8a1e968c56
SHA256

1824c0a88a597388f800a4bf589ae2bc70ac7969f504153ab757dd8360308de3
SHA512

7c0a4486155b8eb8343c9d08f74874782a57c7320fdf869f11fe3ef4e04aedf315a5d14df791fadfb0140aa6f0e11e2152d2daa9077ea000d8995216fdd8ba2d
SSDEEP

96:f7waGloPcoOc8kPOBozyFcycFcscXc2cpcQcbcqc9KdEvuhIieSljYx+/UtaLA4H:f7wZlo0o/hr+pMnKFYj42eiwAu65Yay

Score

7^/10

Malware Config

Signatures

Checks for this command that runs a batch skript as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b) 1 IoCs

The Command is used in malicious skripts to make shure they are run as Administrator.

resource	yara_rule
sample	DetectNetSessionCommand_FA

Files

D34TH 5.0 .bat