General
-
Target
N.bat
-
Size
28KB
-
Sample
240511-lt45jsbf51
-
MD5
a32f8b613ddf66ea93311118d63bd110
-
SHA1
fd19d211cf4b5feb8beaf5a41daca864ae6e02c6
-
SHA256
9fb8611f27b895e6d7a42435ea9b2fb13f18b2e9ccdb715ecf3281d75e3be0fb
-
SHA512
e0372c6e8ee4a0ee2fede0f5579d84f1fd34db57fac0c203e53e4289980e58d53533deca29e637efb4a336003eb55e74ec192a175e8e008883b241d0ce005f03
-
SSDEEP
768:Wjj49w9xfoeRkPEE/Z4eFVohU24vN1UZ3t8XYDTZvQlhXNM47PGZYqU6Qa31lqHZ:IOZ4eFVohU24vNBORQlhXNM47Pq2L+ls
Malware Config
Extracted
https://github.com/sdvsdv23rbfdb3/kjkj/raw/main/1
Extracted
https://github.com/bao3125/ff/raw/main/Documen.zip
Targets
-
-
Target
N.bat
-
Size
28KB
-
MD5
a32f8b613ddf66ea93311118d63bd110
-
SHA1
fd19d211cf4b5feb8beaf5a41daca864ae6e02c6
-
SHA256
9fb8611f27b895e6d7a42435ea9b2fb13f18b2e9ccdb715ecf3281d75e3be0fb
-
SHA512
e0372c6e8ee4a0ee2fede0f5579d84f1fd34db57fac0c203e53e4289980e58d53533deca29e637efb4a336003eb55e74ec192a175e8e008883b241d0ce005f03
-
SSDEEP
768:Wjj49w9xfoeRkPEE/Z4eFVohU24vN1UZ3t8XYDTZvQlhXNM47PGZYqU6Qa31lqHZ:IOZ4eFVohU24vNBORQlhXNM47Pq2L+ls
Score10/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-