General

  • Target

    CSINT INSTALLER.bat

  • Size

    267KB

  • Sample

    240904-afef7ascka

  • MD5

    659bcd4dcb5117cded6dfe51de49e8eb

  • SHA1

    ad914f38c8d5d237b2c0151de11699c557630078

  • SHA256

    cc4aa676c6f83e3e05ce41ef684bcce7a31265d506afe0643c1faf130a28bc1e

  • SHA512

    9653ece41f6114a87f0783ab897a8b3e44072249e8f8a09629146d9e5a165e6516663a97906e7ab4c468d96a5c566f7605eff0de668ba61e0b047013b8b9b73c

  • SSDEEP

    6144:5JZgjc6iaSt+N3qnc96GH7LIxiz6/5MWEEprS:5JF6OtU3ToGbLI7hlEE8

Score
8/10

Targets

    • Target

      CSINT INSTALLER.bat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops startup file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
