General
-
Target
main.bat
-
Size
18KB
-
Sample
240711-tz19vavcjl
-
MD5
9e8a097543258c3690cd0106993ace37
-
SHA1
b86a8522134cd761b6ee02facc7ea5d638182156
-
SHA256
fc5849da70e7d7f8dce61a0a2be4e7abe9bd3f258d7b2a5e17f06ba4ccf3df4f
-
SHA512
b316f2158d9f38cc026f8a8716b15539fb26ed679a6db8e8f7539cfce18881dea11431ecd511b8199522eca6634bdc3b701bc9273c9fb6391d17372de08e525a
-
SSDEEP
384:atb1dVAg9120aNEkfYYGxQYUfPt7GusKrTt2OoXatpK:EKDfNEvYGxQYUfPt7GusKrTtHoXatpK
Malware Config
Extracted
https://discord.com/api/webhooks/1260614925127254239/hPTszA64BDlLUFi6Nz6it-WGRuGond_Culr2GunGmLJ-WLCQInme4bwtvraxVzwUYqIj
Extracted
https://discord.com/api/webhooks/1260614925127254239/hPTszA64BDlLUFi6Nz6it-WGRuGond_Culr2GunGmLJ-WLCQInme4bwtvraxVzwUYqIj
Targets
-
-
Target
main.bat
-
Size
18KB
-
MD5
9e8a097543258c3690cd0106993ace37
-
SHA1
b86a8522134cd761b6ee02facc7ea5d638182156
-
SHA256
fc5849da70e7d7f8dce61a0a2be4e7abe9bd3f258d7b2a5e17f06ba4ccf3df4f
-
SHA512
b316f2158d9f38cc026f8a8716b15539fb26ed679a6db8e8f7539cfce18881dea11431ecd511b8199522eca6634bdc3b701bc9273c9fb6391d17372de08e525a
-
SSDEEP
384:atb1dVAg9120aNEkfYYGxQYUfPt7GusKrTt2OoXatpK:EKDfNEvYGxQYUfPt7GusKrTtHoXatpK
Score10/10-
Blocklisted process makes network request
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-