Overview

overview

8

Static

static

1

virus.bat

windows10-1703-x64

8

virus.bat

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

  • Target

    virus.bat

  • Size

    1KB

  • Sample

    240822-x23r8stcpg

  • MD5

    ce5dbc9d771daeff76c8b998ddfac797

  • SHA1

    6bb726da834f838eef5d2bd38bc4f4e672330cfe

  • SHA256

    b7385ed563b480a264870d5f1216eb7853e2fb3e0cc1698239bf9fdcc1b57c9c

  • SHA512

    cdc253a8ccf8cb05e451789d8aa61933f02a6565dd3ea3162ffe9def8f49ce21e8155d7bb9a631352d9cf3c3653e9e243df31d9046f15979a2e0b35a89facbfd

Score
8/10
evasionpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      virus.bat

    • Size

      1KB

    • MD5

      ce5dbc9d771daeff76c8b998ddfac797

    • SHA1

      6bb726da834f838eef5d2bd38bc4f4e672330cfe

    • SHA256

      b7385ed563b480a264870d5f1216eb7853e2fb3e0cc1698239bf9fdcc1b57c9c

    • SHA512

      cdc253a8ccf8cb05e451789d8aa61933f02a6565dd3ea3162ffe9def8f49ce21e8155d7bb9a631352d9cf3c3653e9e243df31d9046f15979a2e0b35a89facbfd

    Score
    8/10
    evasionpersistenceprivilege_escalation

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks