General
-
Target
real.bat
-
Size
1KB
-
Sample
240807-dxlhlszcqn
-
MD5
9310665742ce11663034ef6708932124
-
SHA1
00c51f35addad2e0ce0b560237b4ec29c77b41ca
-
SHA256
e7e82e0b485c47363688615dec109804bdcbc5472794ca540b659d55d8027872
-
SHA512
06b43e90d12947c13083340effc17253541b489b24fe5ce792abed5b9491d8479d0ba84e06b72067b71dbbd032932c7358296d079931e14cbe6bf26d516336b0
Static task
static1
Behavioral task
behavioral1
Sample
real.bat
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
real.bat
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-