General

  • Target

    stacysmom.bat

  • Size

    5KB

  • Sample

    240820-t7kxtswgkj

  • MD5

    b3428a29b5453aaad9a24d210eb7ea2d

  • SHA1

    8750ab66984c01cbad59ea757d451fda265cc058

  • SHA256

    e1fa0f36a12f308231f450815dba66836874996f89aa6be5e71ace6ae68e85aa

  • SHA512

    e513dbabac1e4b9bb65569c0e2a83f1de5b9292e31b5b4efa5441ba52af163f25d1883779d22f25488e127602999a1f0c1ecacfce048b2bfb790601252d1abe1

  • SSDEEP

    96:QRFtm+liTa4T0JNMR9iJJjl2nMXHT9lZ4tkYpzFmdfZBAU+5PjPSw41RLIZg9S01:QjI+liTa4IHE9OlmM3T9D4PBFQA3PjPa

Malware Config

Targets

    • Blocklisted process makes network request

    • Download via BitsAdmin

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks