General
-
Target
Byte Vault D34TH X .bat
-
Size
5KB
-
Sample
240516-2mmjxscc35
-
MD5
af027f0cf448f9e2edf19c1c01011a72
-
SHA1
9578ca04a957d7300c479cbdd90a71d5c7357e21
-
SHA256
320825e55cf9bf0332f5480dcbf6b7f4713c68973db3884199627d47cccb46a1
-
SHA512
bd45b1faf74e81d90371021f8cd2a32fb4fe3d16f7544612453abcbf5ce996979c8c9a615bc64af978b0909a2baa751232525ef3c8cb6941d43169e80c53dffe
-
SSDEEP
96:zxRasbP5Elry5wCaRWzWLBLVCaRWzWgMGjU8h/8rF8B78MzqVeeyozZWNVyRhz:zxR/b5AhCaRWzWXCaRWzWgMoUWqe71up
Static task
static1
Behavioral task
behavioral1
Sample
Byte Vault D34TH X .bat
Resource
win11-20240426-en
Malware Config
Extracted
https://cdn.discordapp.com/attachments/1181543227728330774/1237538022371754046/ByteVaultX.exe?ex=66473758&is=6645e5d8&hm=86bba81d6232969cb4ade81e882b8bcee5f5dacefa6cc2ac70ca40db4c969e4c&
Extracted
C:\Encrypt\encrypt.html
Targets
-
-
Target
Byte Vault D34TH X .bat
-
Score
10/10
-
Renames multiple (162) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Blocklisted process makes network request
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-