Static task: static1
Behavioral task: behavioral1
Sample: Byte Vault D34TH X .bat
Resource: win11-20240426-en
General
Target: Byte Vault D34TH X .bat
Size: 5KB
MD5: af027f0cf448f9e2edf19c1c01011a72
SHA1: 9578ca04a957d7300c479cbdd90a71d5c7357e21
SHA256: 320825e55cf9bf0332f5480dcbf6b7f4713c68973db3884199627d47cccb46a1
SHA512: bd45b1faf74e81d90371021f8cd2a32fb4fe3d16f7544612453abcbf5ce996979c8c9a615bc64af978b0909a2baa751232525ef3c8cb6941d43169e80c53dffe
SSDEEP: 96:zxRasbP5Elry5wCaRWzWLBLVCaRWzWgMGjU8h/8rF8B78MzqVeeyozZWNVyRhz:zxR/b5AhCaRWzWXCaRWzWgMoUWqe71up
Malware Config
Signatures
Contains code to disable Windows Defender (1 IoC)
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
resource yara_rule sample disable_win_def
Checks for this command that runs a batch script as administrator: net session >nul 2>&1 || (powershell start -verb runas '"%~0"' &exit /b) (1 IoC)
The command is used in malicious scripts to make sure they are run as Administrator.
resource yara_rule sample DetectNetSessionCommand_FA
Files
-
Byte Vault D34TH X .bat.bat .vbs