General
Target: Ultimate Evasion.bat
Size: 5KB
Sample: 240516-2ezvaabg54
MD5: 57d198f4c1f05b4c50c816c9e5a3296b
SHA1: 1a98ad63de1964325434ec0b5d96aeb8b6156c16
SHA256: 84e7ea1bdcdf849b82c97dbd9d299862ceb35232c0c3866204ac5f97aaa417ca
SHA512: 112e24a57d6a6fd501a9817379d216e8eb1c62b3e8886f7cc93d18be2e553a5923ad64caa5428508d84ec9c0a12d6d126bc90212bf6b269291ac61eeaafba19f
SSDEEP: 96:i0ry5wCaRWzWLBLVCaRWzWgMGjU8h/8rF8B78MzqVeeyozZWNVyRhk:i0hCaRWzWXCaRWzWgMoUWqe71uQNVyRm
Static task: static1
Behavioral task: behavioral1
Sample: Ultimate Evasion.bat
Resource: win10v2004-20240426-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1181543227728330774/1237538022371754046/ByteVaultX.exe?ex=66473758&is=6645e5d8&hm=86bba81d6232969cb4ade81e882b8bcee5f5dacefa6cc2ac70ca40db4c969e4c&
Extracted
C:\Encrypt\encrypt.html
Targets
Target: Ultimate Evasion.bat
Score: 10/10
Renames multiple (128) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Disables Task Manager via registry modification
Downloads MZ/PE file
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)