General

  • Target

    HDH63SGI9KD00054333747BD0F9F1C76493D2CBE493101A036A53F991D9FB61FC719EE482F360DAA298TFHDW4.zip

  • Size

    24.7MB

  • Sample

    241121-hdan8atpen

  • MD5

    f8394e25c152aef6bcb25e6022e138f9

  • SHA1

    eb4f54327eb45e33ab3b43e222358c844e6fb7f0

  • SHA256

    204bf1666d2b6bab001e4132e1b83e94548d5fbbd4b4f778ef828be7c89ab7ad

  • SHA512

    78b532a76eae771d4566817ca9a79fa39bf8a6866f3e8879b2d84bcb185f3e88e04b54d6bb37459111859305b503926efbaf29eadc37f995a994f65d1f741a01

  • SSDEEP

    786432:qkS/Dnr5yhCJRzgwXPcXO5IH3uNsaOfTUjyzG:q1r/pXPcXO503KUrUjyzG

Score
5/10

Targets

    • Target

      pepew(Copy 10).bat

    • Size

      176B

    • MD5

      98cd7dc4a2e308a9d998479398abf7c2

    • SHA1

      3e6714fbfdf8217a1da0d508857fc7d1059af53a

    • SHA256

      0f152849db467f464a52e2bdcfb9abeff2be27dda6619aa6f1f7d3fdcf0a1ab3

    • SHA512

      3d2f825e4fbfd633091a0cff101f6d0324fba05c9e8f38f74456af6b0d74985b700e054681555ddded48952f1540a6d49c41d96e70190161354d692397a04628

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 11).bat

    • Size

      176B

    • MD5

      a9313a356610cd8991d30d4afeea6ce7

    • SHA1

      85fc333a9a3436046761ac13ade3dbe9fc93b727

    • SHA256

      a3f1c088b66dacf2827979ff8a2594bf3c194e30d67bf3850be7e7d3a25f9b21

    • SHA512

      5432e91144c0ca0ed635ad6b05f568f36bb7a13e9dcdb63b52a62358a29293668c3ccd0599092e9e7486ddeacd2ef583e17321cb16b7fd31cf2e956491a58ec5

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 12).bat

    • Size

      176B

    • MD5

      1a798e3c98e4415eabd98723c902406c

    • SHA1

      a7458581782cbe7ba181a4cb92c6c64e3ddc33a8

    • SHA256

      d33dae0ac1cb109e5f9a9caa3197ce9562a588f36e02424aa6ca010ec2f77af0

    • SHA512

      76ef5e9fa9b42a9b8b671a4c1b7ca583d6f3414921ebb8488a08eaf20f5ca15afabad0d3a359d226169940f37d82847bfbfdc289a71169d703e47c9258dcc5a5

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 13).bat

    • Size

      176B

    • MD5

      bf2775963f7cac0db442eebd4d7f9101

    • SHA1

      6de7e3505f2dbd0aa87a8ebb79758fc3ba99d8d6

    • SHA256

      d61f2f31034d051bd8ef6272937ffa53e4dd667eb705f1be5840a419745b49fb

    • SHA512

      a1e5b19c37a43ed635dd88b29a79dc96ef61aea7c08d2dee33a21c036017c4d31bfbf2a961b0331613db4c1387b49e2f9e97b3392901dc67d05bf53a76c641f6

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 14).bat

    • Size

      176B

    • MD5

      08b670ec808be7c93d15e2dc04a8603d

    • SHA1

      cecdd64699b4492363cc9ca6eb1f649496353313

    • SHA256

      4846bb927cad550620463b7e630972913c58523d0d127d8d2a9805cf8896553c

    • SHA512

      d8cd213635760721834d08d031a3cbd5dceb21ced5763d1cba97486837ad7d2cee2dba396a14c2aaa1f0defd7dc9445fab2c1b87f1c949a961cccfb36b97cf7d

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 15).bat

    • Size

      176B

    • MD5

      1be75d8a5633ca3faa40dd35c9590738

    • SHA1

      c436079bd12399996837ea16c94fa84ae24f57d6

    • SHA256

      aa6b5546f99d43159591faf44921a1c28a922fddc027cf7f5cc24d4ccfa331c9

    • SHA512

      0d465e44e5386a0f69927bfa631b2ab965cf6b98556ff0deba590b7a9fc89bb3a120ee1432a9f632347515f00953ad1c28758491ef9688c6301dd65375191ada

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 16).bat

    • Size

      176B

    • MD5

      edd7ed2bf3681ffa55e4ba45af7a286c

    • SHA1

      6df3b60752eaa892739570b71fa8649c2eddce81

    • SHA256

      b53fde544e13b5cdbd66d6d22553ffbb544ec1fd05fb6eb33d5d16ee3878da7a

    • SHA512

      66cca892408d95659a87485f3662a298c3653fc7c9f37c18214a496394909f4b1336e2917ce66044032d6b03c6303564d2931e6965930335a94b3c5a89fa7ef5

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 17).bat

    • Size

      176B

    • MD5

      2d7c3391b7de9204728fe314b0b234d8

    • SHA1

      9332f85725a010d58ccaaee17d2611cf2e122965

    • SHA256

      19acb50300709ee470cfc27250d6163200aa5122a459ec43fcd3303b0b33edcb

    • SHA512

      484ef1db9254f82ff67f4d9de7111b9a0a1d374cb76d3ed97a88f4877f6e654faa86294712ac673274a402244f679dc54bec8e6f8ad1ea27147c32c0d3a3ab2b

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 18).bat

    • Size

      176B

    • MD5

      c7658c411bf58a3051f9dba72a93a735

    • SHA1

      d75adf3830ca4abb34dc042d064bc7a5884b87cd

    • SHA256

      2cabf1bb022b49b1a3e56b88a6bc62d464de28d66f02f3913e181b365d4c7e9a

    • SHA512

      8ad50f866e37ef912137630285c6e8f792de85a7aa9f161eb4334cf09f83a4b376abe30aa7088ba536b2fc93c3165db602a50d1f681ee914737fc3afb459afb8

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 19).bat

    • Size

      176B

    • MD5

      971af4da335af74f42bb349d7c8e35f7

    • SHA1

      4514cb8d7b3c94949e486eda32b6ce15a033e980

    • SHA256

      bd6d5eb0c514d46e34bae8db31fe469b378ce5f94e1dbb71596f89e052b51ef8

    • SHA512

      6318cb4706da4c26b98cafb8c97c57ffac6413b8eb3237bf1037721ad742879057a328e1da8e40b0e7ed26f85a1c6616393af08a8e897ac8d522beb4d647aa60

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 2).bat

    • Size

      175B

    • MD5

      042de0f3189c04756154d1a56ed1feb1

    • SHA1

      8b3d3463ac689d4153bd621c6df5419b9c836626

    • SHA256

      9b6a290498d10f25d3d2b70a32d69d14ebf33f1fea3aec9deee1b04579bd8f20

    • SHA512

      09ba99cf8c045c05d5eb89c10071a99bc8aea5d55af8746bb0ff1f3aea0f5b6ae4163bc0714fe2ce1d4ed3e953f97905303eccade5b259145c828a64c1378152

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 20).bat

    • Size

      176B

    • MD5

      d6e6c71b347b9c481ca2b035524389ef

    • SHA1

      c996c72cdd42c4c89c746547bc725240191411a8

    • SHA256

      94296ed41dc7609c11b3504b0907544e91d1a96df2339d9c6faa2b6143d1249c

    • SHA512

      f6896d5027aafa464c619ed38d9fcfaf3d4dd06d15e083a1f8953f21f573cb2c3f517e14f9bed36e575912919801b5a3b818383dc3d6196a5f1d47b03c5ed726

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 21).bat

    • Size

      176B

    • MD5

      d2907ebe392720fc1a776a557ec7da2c

    • SHA1

      8f6741503ed49c80d9f34c64b1187a5b902d5a61

    • SHA256

      b46fb3d8d4217da01185650a6c4f3eac3fba0f4fdd0eaabbfdb15c97e96fa709

    • SHA512

      9bca258d0d8471260e31488e9ce614cd2862d78b1ec24d0ee5313dc83e004dce80662c0a6dd732d66cbec443e683a120197260d0ae36c06bc62d6747665d7c2f

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 22).bat

    • Size

      176B

    • MD5

      56e5080f53edbfb421602fff839e69d2

    • SHA1

      b8aa7c66e8fb356c29d4319e052879c5d0b2f90a

    • SHA256

      ba9d752cbcf905f75c7f0e085f160719c569b74b47fd2fb3677c5b819a6b33fa

    • SHA512

      84ad164f5d5abdcf491d4f179aa3cf7494c08f9ec5e4cac7ce92077a5b403eab2be8c6071aee1bcf7070145cfa7fca2543a43f13890b5950e6e7e393255aa369

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 23).bat

    • Size

      176B

    • MD5

      398844c18698fb3e73bdb2298fb19ba0

    • SHA1

      cf682f812c9125f433bd057dd7df0c999c4176b7

    • SHA256

      7f2361ee14e4f82630edae5b079d11a520b2b42b1ca73a63c2edb40a9fc4d5c9

    • SHA512

      e2a1ea3562e607914b850de386a0d1d0aba89dce83afe77afb9ba435806666f93290b627ce29a96af2a5b9ecab07ebabce5a7512573cad7521749e2563941926

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 24).bat

    • Size

      176B

    • MD5

      c04525cdf02062e3a874b52a78b74795

    • SHA1

      900a1effb7de66573dc017031abe0eb0c116670a

    • SHA256

      e1601b16a732652c594cfaaa58acb5d3e1f532a298f2cc6a420ffdd917ed5eb0

    • SHA512

      15bcd3514654082b84c41501c91ef6a38c01ad933fed957616041eb6624a051264cd14e74a57889eaddac82a2b4c50032892402082d726ad7ab3c140c6c06477

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 25).bat

    • Size

      176B

    • MD5

      525b695ae7eaed34765be1a9c3d809e1

    • SHA1

      688ac096d3687294110dab22e0b9d738ad6aecad

    • SHA256

      3bf17a4f9c7899cd5b2ebb28e868b55e301c936389f96d762d21096c6327ccbb

    • SHA512

      9b68b030dde0da82acc0f5c75fe2bc130658c238d36a4dd651dc03114fe91da956a17fd8ffd2b202dcd4c24d8eb6dbf739ba47f25bbc8a319ae532a8713b34aa

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 26).bat

    • Size

      176B

    • MD5

      cd6627427fca44b3062b85c28c32ebb3

    • SHA1

      122803becd43c07b536d9471470fe49adea6fe10

    • SHA256

      d967ec3c31dad982b67e5f508940a3dd6a9dfad89951246ec67a2440e3d6473a

    • SHA512

      ef41e684a1250eb631c29bc3165c93594fc1601e1bff360d555190b964aa64b3ce0bdab94390422150537e06092371086a5f482b86e187a0e64cb3344943b0e9

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 27).bat

    • Size

      176B

    • MD5

      fdd625de58d899ac50e60a564b6e1fde

    • SHA1

      58bc3ec56ccbf0ac7c6ff03b9a1b73978015b414

    • SHA256

      bee34565343dee845f5ec1cce971926825b01b0617c5ff71e8cfddeeaa410b68

    • SHA512

      6838e1d0b2bf9404c5957387418317155499a597b9de34aa59242ed80f618fda1decea14f8c8cfc11409835948dc8e8a441c8fb44de635d087d229103abda865

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 28).bat

    • Size

      176B

    • MD5

      a3e3335bb70b74ac6094449392cb86e0

    • SHA1

      8bde9efbc592a4ff4357784b95638dc9f328fdfe

    • SHA256

      5de8511d377020bebbd55b6ee945c846de7006ad7a6bcb0fef62fb138ea7217d

    • SHA512

      63acfee570e1710c9f099cf666fd1d427cd33d95b4ac7b78eada90df70de782224d48590b29710f5f0d4cc1c393809c604e854884992b4f18b761e42f98f535c

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 29).bat

    • Size

      176B

    • MD5

      d3b4f305acb51ff674a5919941fafb6a

    • SHA1

      38393c139867b4f8479eb59ea699554d9d94940d

    • SHA256

      588a326b40da15bd08acef5eebc39475fddcb350fd180b6103ef932a46914fa0

    • SHA512

      75a8113a1a0491f4630a839c10d51aeb9d006798fdd537d98399bdb4bf9138726e4e3f5a19b02d65d5ca5f75a2fc692bc977baccf1b63c2a943d8b5ad2d11583

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 3).bat

    • Size

      175B

    • MD5

      3d1dcf9b9206f3e9e207e215b3902f33

    • SHA1

      35e032fa320e1f5efab79188a902fe1d5d581e15

    • SHA256

      7713427365e7bbddcc5cd0903f7d847942b79c67640c085e8f5b1d5f70a7776e

    • SHA512

      69d889cbf1f98ed207f03ed5dc9332f773332085d46fb8462200d80b155dfa8d772a88c04a4abf56bc3f0ee8eaf963d85b4e4bad85d65a162e368e219f4848ef

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 30).bat

    • Size

      176B

    • MD5

      c361842766ab9262fe602b0d51818a8b

    • SHA1

      3a85dc61a3e95e94cdd14c201e9f0a7e39ce8a18

    • SHA256

      eb42e1a668af0050960419a87301d8d924aa984f498d1ad3b80b0c00aea553e6

    • SHA512

      78f93a31406608912a37cc260ca67e91ddebd6f06e6909487b6b9cb5a80b7723e93a2b6fe983d52468840b827c8e94a10e0abe797a90948dde9bc8f4ff249c80

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 31).bat

    • Size

      176B

    • MD5

      5db260cece072194c1ca0ad6588cf989

    • SHA1

      8bb1301a0937fbac59dd87b052bc8ae7603104f7

    • SHA256

      091caee50e1275b65e06d1e93a473ce5e9d5e23a73a74a02dfd8c6f11baa7cf4

    • SHA512

      5a9d1e00bd0ec4095f742a06f19c600f63c0c5c5d6e9ea64f64a134cb415475b7b87b8f33557c8cd8d255ee89feaca66275d6bb8fc3888ad1d83060842bcc269

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 32).bat

    • Size

      176B

    • MD5

      c8a1c161e35b31824e37e74357740f85

    • SHA1

      3fd499d0f75245d8286273bce80abb3adf0e37bc

    • SHA256

      88413a3c3e58e7427f92de0083923b8e88ef1fbbd00b44c1be4c5c752db9f895

    • SHA512

      f122e0d4d9a94032166cac27c8ee968c344b8b0fa6c2b8c2f4c7ba5fb4b8c213f277c20eed88cfeca58065f6c435e6d334d1e757bdc65993de47b7a0ebcccf3f

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 4).bat

    • Size

      175B

    • MD5

      b43d31908194f415bc9f5731578f2c20

    • SHA1

      ff8fcc259f2ac3c315de0ca64afcc9180f7fa630

    • SHA256

      0aa4b29b1a88d23e9adb298b134d16e51170a8ac1f1b722fbbe71dddc355d645

    • SHA512

      b7e49eb27fe2c2eea2b008ab87a9bdd304e07f825913fab4021737a13d6f72d2e37e5d91168a6fd27b007a47e08b9e46cc7ed69e6cf511058631e73da432030b

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 5).bat

    • Size

      175B

    • MD5

      cf233dad5e1bacdb05c817a32f811898

    • SHA1

      a1fadaa82ff18be0f1e60ad16a763cc3f70abb80

    • SHA256

      f5395d0575ec779857dc6681b87929fcf900279e66c7c5725c0dd75d6b2025f8

    • SHA512

      2b2011c818d4f79b4c70a7eda9071a35ef12073d30f9554b2d42a8b913d367bdd3a18fd8b861acf4ec73e43b058847a97ee1f842aaf8ea155f80123401c0f45d

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 6).bat

    • Size

      175B

    • MD5

      d59d9c28c517a630fcc53c79a0645370

    • SHA1

      9177efd52640846f69c167d7ac1c7e0385cb961d

    • SHA256

      b38b6beddec1ff0cddabbeba97cfbf0c97d623c6819b6a55adfa011f70cec568

    • SHA512

      f48f73115fcc3e2dbb15bbf40a571dd8525352816206be23f28c9c402b8d98d885a52dd5cc61bd07f80cd8ba590f66a930ee770abcb529dd6eb6333552b71b2c

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 7).bat

    • Size

      175B

    • MD5

      938536bbf3af93a25b26f68b1d89595c

    • SHA1

      e091f29eaa7f56134f7c786911a79877625d403e

    • SHA256

      f59e5ef397f46a6d61a4e88ed33cb4d17086e92bb7aba7908a7578714fb2a809

    • SHA512

      2bdf21af75efb3bf4077f8b03e5cd242df911bbdda0db36349d74bc26176ee4c716bf1f5f25c8df2b91a78b80f4c61f817d8d9ef15fa4a78ba50a383617425c5

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 8).bat

    • Size

      175B

    • MD5

      bd8cb0565a161f0adb4d5ad75b2f9726

    • SHA1

      70656d40bcffb3f548055fd9fad573aec56e690f

    • SHA256

      790d93af307c926a5ffcc0d88835d82920a8a8542d94bf21d3ad945051f36280

    • SHA512

      2271a0dcd3963f8612a305281967b494be95b80a31938d6c43175d1918a298c5bc55bc379a334362737bead297f30c5610e0ddf798e3ccc01a4f66ba3ad945fe

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew(Copy 9).bat

    • Size

      175B

    • MD5

      52fa7d1cae83d92b72a6e8d53f3ca434

    • SHA1

      e1dd1b61d5796647ef87be7e4abd206beca5b719

    • SHA256

      0d3aba6f605216c381c36399abc479bfd2c377c41f89625ee4009e42d30b3b40

    • SHA512

      ad2a4785a14151af8dfb789bdf2679eb94d7bfdd16ff77bf4b8b40d19741c4786eec15d85c74ef37d93cfeb9998451f9566a59e2fc967917a3528ed07b3d8747

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      pepew.bat

    • Size

      176B

    • MD5

      461c64fdf3fed320afffd63bb89f9552

    • SHA1

      b7c9f306fe63d6582ab1be86f74c2c6a8f1f19af

    • SHA256

      b3c8d929704d4bea97e9cf4dc21be8f9c3c57e12a0f99fc5e920c8f300ead4f2

    • SHA512

      6f15fd024c26750c63fbb73ad769bb74c351a58e9af2f53dac3d23fd32c4facc35968c097c0a51dec12accce5af738a332fab18ffacc443d73776181a436a36f

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger
