General

  • Target

    test.bat

  • Size

    960B

  • Sample

    241110-w6rebs1rew

  • MD5

    6c36eb8f0d40a695823f4b223e902a76

  • SHA1

    ae42ce7325d94eeba30b6dd79c3311683b338a42

  • SHA256

    cf7fc0030701aeb533ef8ae92af4acd91b632c83a613024750fa440ed5c79380

  • SHA512

    65ca1a959d19d41cee3dd51980c8cabdd7a3f2207a1dbb93fe9f7ce40bba3b3b2699471d71b5d2a2b2ab97a6779da7d1ee29d463e101d8b11910abdedbfe58f7

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    https://bin.homebots.io/f/86590cf0-ce48-483b-bd0f-160db32a386c/1889464b-428c-4dc4-9c01-19ce05d86f8f

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
