General
Target: batty.bat
Size: 4KB
Sample: 240929-h89f2axdnh
MD5: 0ed6d92eb6002975cab4b141fa8e48f9
SHA1: 3d81c6350ef10be62a7c6b175af44fa363d81feb
SHA256: a51d5ba8a45986784cf36b41570e3071975bb22d7b50d7aec05742c68ec0ad55
SHA512: 0beea6db5a1c00c96e8cad70661e23647a9ba71f681d865b3c103ad86e2af1fa80acbbe1d7554b7c6034de7659b9853943a43d6b70f44e37aafbbab70baa1373
SSDEEP: 48:37l9BNXcf6iG2FK+8OEW9+HeEdUm/E2n23WwkFEeJE/sPEijE1Ms9Xc/fDKye9+j:37jEf8+8HFU22mZXMGEny/NKCDjT
Static task: static1
Behavioral task: behavioral1
Sample: batty.bat
Resource: win11-20240802-en
Malware Config
Targets
Target: batty.bat
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
Possible privilege escalation attempt
Modifies file permissions
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process: 1
  Windows Service: 1
  Event Triggered Execution: 1
  Netsh Helper DLL: 1
Privilege Escalation
  Create or Modify System Process: 1
  Windows Service: 1
  Event Triggered Execution: 1
  Netsh Helper DLL: 1
Defense Evasion
  File and Directory Permissions Modification: 1
  Impair Defenses: 1
  Disable or Modify System Firewall: 1
  Modify Registry: 1
Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Unsecured Credentials: 1
  Credentials In Files: 1