General

  • Target

    real.bat

  • Size

    1KB

  • Sample

    240807-dxlhlszcqn

  • MD5

    9310665742ce11663034ef6708932124

  • SHA1

    00c51f35addad2e0ce0b560237b4ec29c77b41ca

  • SHA256

    e7e82e0b485c47363688615dec109804bdcbc5472794ca540b659d55d8027872

  • SHA512

    06b43e90d12947c13083340effc17253541b489b24fe5ce792abed5b9491d8479d0ba84e06b72067b71dbbd032932c7358296d079931e14cbe6bf26d516336b0

Targets

    • Target

      real.bat

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Mark of the Web detected: a file involved in the analysis carries a Zone.Identifier alternate data stream, the marker Windows attaches to content saved from the Internet zone. This indicates the file was originally downloaded, or saved or cloned from a web page.
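
    The signatures above describe host-state lookups (Mark of the Web, configured country, UAC policy, the Uninstall keys) plus a COM-hijacking persistence pattern. The script below is an added defender-side example, not code from the sandbox report or from the sample: it reproduces each lookup on a Windows host so an analyst can see what the sample would have observed there, and lists user-hive CLSID servers that shadow machine-wide ones, the classic COM hijack indicator. The default file path is a placeholder; the registry paths are the documented Windows locations. The COM check is partial (TreatAs and ProgID redirects are not covered).

```powershell
# Added example (not from the sandbox report or the sample): replicate the host-state
# lookups the signatures describe, from the defender's side. Run on the host under
# examination; a standard user session is enough for everything except some HKLM
# Uninstall subkeys.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\real.bat"  # placeholder path, adjust
)

# 1. Mark of the Web: content saved from the Internet zone carries a Zone.Identifier
#    alternate data stream. ZoneId=3 is the Internet zone; HostUrl/ReferrerUrl, when
#    present, record where the file came from (useful for sourcing the download).
function Get-MarkOfTheWeb {
    param([string]$FilePath)
    $raw = Get-Content -Path $FilePath -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $raw) { return $null }   # no ADS: not downloaded, or MotW already stripped
    $motw = @{}
    foreach ($line in $raw) {
        if ($line -match '^(\w+)=(.*)$') { $motw[$Matches[1]] = $Matches[2] }
    }
    [pscustomobject]@{
        ZoneId      = if ($motw.ContainsKey('ZoneId')) { [int]$motw['ZoneId'] } else { $null }
        HostUrl     = $motw['HostUrl']
        ReferrerUrl = $motw['ReferrerUrl']
    }
}

# 2. "Checks computer location settings": the configured country is the GeoID stored in
#    HKCU\Control Panel\International\Geo\Nation (the two-letter code in Name exists on
#    Windows 10 and later). A geofenced payload compares this before deciding to run.
function Get-ConfiguredCountry {
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ GeoId = $geo.Nation; Name = $geo.Name }
}

# 3. "Checks whether UAC is enabled": EnableLUA=0 means UAC is off entirely;
#    ConsentPromptBehaviorAdmin=0 means administrators elevate without any prompt.
function Get-UacState {
    $pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
    }
}

# 4. "Checks installed software": enumerate the Uninstall keys (64-bit, 32-bit and
#    per-user) the way the sample did; security products and sandbox tooling show up here.
function Get-InstalledSoftware {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
        Get-ItemProperty |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName -Unique
}

# 5. COM hijacking: HKCU\Software\Classes\CLSID is consulted before HKLM, so a CLSID
#    present in both hives with a different server path is the classic indicator of a
#    hijacked object. Lists every user-hive in-process/local server and flags shadows.
function Get-UserClsidServers {
    Get-ChildItem -Path 'HKCU:\Software\Classes\CLSID' -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($sub in 'InprocServer32', 'LocalServer32') {
            $user = Get-ItemProperty -Path "$($_.PSPath)\$sub" -ErrorAction SilentlyContinue
            if (-not $user) { continue }
            $machine = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\$sub" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                CLSID         = $clsid
                ServerType    = $sub
                UserServer    = $user.'(default)'
                MachineServer = $machine.'(default)'
                ShadowsHKLM   = [bool]($machine -and $machine.'(default)' -ne $user.'(default)')
            }
        }
    }
}

$motw = Get-MarkOfTheWeb -FilePath $Path
if ($motw) { $motw | Format-List } else { "No Zone.Identifier stream on $Path" }
Get-ConfiguredCountry | Format-List
Get-UacState | Format-List
Get-InstalledSoftware | Format-Table -AutoSize
Get-UserClsidServers | Where-Object ShadowsHKLM | Format-Table -AutoSize
```

    Read the results against the signatures: a ZoneId of 3 on the dropped file confirms the Mark of the Web finding; GeoId is what a geofence would test; EnableLUA and ConsentPromptBehaviorAdmin tell you whether the "Checks whether UAC is enabled" lookup would have found an easy elevation path; and any row with ShadowsHKLM set to True deserves a look at the UserServer path, since a legitimate per-user COM registration rarely overrides a machine-wide one.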

MITRE ATT&CK Enterprise v15