General

  • Target

    test.bat

  • Size

    1KB

  • Sample

    241110-w431cascql

  • MD5

    eef54d049b3eb756987efdfd4e5d9a93

  • SHA1

    a01a089fbf14b954fcc52d04b280aaf32e906f4a

  • SHA256

    1b4466a9912ef2b5c5fa5b0f5d25c97fe3b55b3a23e9800a565a48ad4dd29844

  • SHA512

    800e625884bd7175e5017f8e9a20bcb06ca427b02db7bbde973095261b8ead4fda784362b3e44186f29d9300cb1b3763df718ba6fddad1f1444d05730c4ba3c9

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://bin.homebots.io/f/86590cf0-ce48-483b-bd0f-160db32a386c/1889464b-428c-4dc4-9c01-19ce05d86f8f

Targets

    • Target

      test.bat

    Score
    10/10
    • Blocklisted process makes network request

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15