41660459fcd51eea6e269bc684eda78e5fd975b7c1ad32f21e07cece6d1dcb64 | Triage

Sharing

General

Target

bruh.bat
Size

508B
Sample

240911-nzzhcsyhle
MD5

a84380515a66aa2fbbba3caf497010ab
SHA1

07e6dfc95ec2c094a36e0890437212a176200941
SHA256

41660459fcd51eea6e269bc684eda78e5fd975b7c1ad32f21e07cece6d1dcb64
SHA512

863c2f037e48e72f618c47d4f03330c76a5867593ccfa24a5abaa4cd6bfae161753b21359737f7ec1e960f499d3545e9471f1dcfd5505d123d64cb89e79f9862

Score

8^/10

execution

Malware Config

Targets

- Target
  
  bruh.bat
- Size
  
  508B
- MD5
  
  a84380515a66aa2fbbba3caf497010ab
- SHA1
  
  07e6dfc95ec2c094a36e0890437212a176200941
- SHA256
  
  41660459fcd51eea6e269bc684eda78e5fd975b7c1ad32f21e07cece6d1dcb64
- SHA512
  
  863c2f037e48e72f618c47d4f03330c76a5867593ccfa24a5abaa4cd6bfae161753b21359737f7ec1e960f499d3545e9471f1dcfd5505d123d64cb89e79f9862
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3