General
-
Target
server.bat
-
Size
183KB
-
Sample
241027-we6d6sxpeq
-
MD5
27e5469dbaacd4cd5302b42d86bfbd2c
-
SHA1
fa5b4d0c6f52494d9af48fcd81e509eb0629e9d0
-
SHA256
1b27ef0bb6f819af8be9592d84122a2dc194b37787f3878dcb4b6a7ed7d4b3b7
-
SHA512
33cf0b46bdb14055a83ee967687572d0afdfb801f89b86ff4d39b99523111cad0c53a34861421b27909ce18fb143c2dadd8ac127e48f2c663baa6739a3ab6b70
-
SSDEEP
3072:vurlxKcMZde2vBVQF4EWjFRA229YvepcCBKXbpY:WrlKdeAVQF4EWx92iepcCBKL
Static task
static1
Behavioral task
behavioral1
Sample
server.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
server.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
server.bat
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Adds Run key to start application
-