General
Target: bot23.bat
Size: 330B
Sample: 240524-ntwvaaff68
MD5: 1137487e0274c696ee5378b5a01f0cdf
SHA1: 9375478018a5b4a6c1c8bcf7ef20ecef36c2e700
SHA256: 2c6e184f8ab0d72b37893c0ccc202067edf0957492bba85ef2fa2676b27eecec
SHA512: 3c888e334ddcea60a716dcefad7fee34f3972e9b0b912b9c8584866b9d76d80864bb3d3a50a9091610f64ee2595b5f3daf665f5e6e8575d477b16acfd8bb72ef
Static task: static1
Behavioral task: behavioral1
Sample: bot23.bat
Resource: win7-20240220-en
Malware Config
Targets
Target: bot23.bat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.