a0a59c0434f9f36915f4b00704f1270878412dd6f63639956616faed8d3417be | Triage

Sharing

General

Target

nigger.bat
Size

22KB
Sample

240928-g2sdha1cpn
MD5

9728d8cbe0f70e03fd89949af0e83ec9
SHA1

29156b3c59987aea93a444a7bc3e910d58cce381
SHA256

a0a59c0434f9f36915f4b00704f1270878412dd6f63639956616faed8d3417be
SHA512

6637bf029dfdeb38d225db1b60e28d2d351f70e609e6049274a88d95cb4c2f6067c855c63fc5faeff20610025327d4b3c840379be43df05c1de888d2b9696137
SSDEEP

192:P9+NMQsAG26lW9AU4c8gbDkMtzHkb4+6OFJIkRpGV9+NMQsAG26lW9AU4c8gbDkm:P9+mlk9+mlw

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Targets

- Target
  
  nigger.bat
- Size
  
  22KB
- MD5
  
  9728d8cbe0f70e03fd89949af0e83ec9
- SHA1
  
  29156b3c59987aea93a444a7bc3e910d58cce381
- SHA256
  
  a0a59c0434f9f36915f4b00704f1270878412dd6f63639956616faed8d3417be
- SHA512
  
  6637bf029dfdeb38d225db1b60e28d2d351f70e609e6049274a88d95cb4c2f6067c855c63fc5faeff20610025327d4b3c840379be43df05c1de888d2b9696137
- SSDEEP
  
  192:P9+NMQsAG26lW9AU4c8gbDkMtzHkb4+6OFJIkRpGV9+NMQsAG26lW9AU4c8gbDkm:P9+mlk9+mlw
Score

8^/10

discovery evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
- Drops startup file
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Network Share Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceprivilege_escalation

behavioral2

discoveryevasionpersistenceprivilege_escalation