General

  • Target

    b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8.bat

  • Size

    7KB

  • Sample

    240523-cdbnmahe8v

  • MD5

    6a0e1a60234d409a8d5c630f84b707f4

  • SHA1

    33ab80ab6ee9ff90d35ff1912090ed68f225f0cb

  • SHA256

    b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8

  • SHA512

    92b198585eddbee2d1bfd37736bbe6a1f44a5c751f2dd15cc6c10104af2bb9557990f963a15bbac4ad0e21d3066ba0cb83bc41245e46d67408e72ae5f7d9bbaf

  • SSDEEP

    96:2XOLZvaljhpoAjs3R3R75XVbOVrGTvyoidAdCgpn7wEnx/1XCzlbTX:WSZv4jhaOoHNXbqo8gSlbTX

Score
8/10

Targets

    • Target

      b900fc6ff55f455165bc9f9d1eb1063c72581d372c78ec3be3decb21045450e8.bat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
