14d7c600241a47f887312eeefd191744372d082dcb7d2925a36bad24f4e3723d

General

Target

FoxOS v3.bat
Size

49KB
Sample

241130-axwrssypbk
MD5

12d029a7e23cf93caf2861388cdc621f
SHA1

e6ed2fca26736853e6259cd204acfc0258d8504d
SHA256

14d7c600241a47f887312eeefd191744372d082dcb7d2925a36bad24f4e3723d
SHA512

cd111ec1a28976110e82524d4e06c67171b926e1b52c325bed3c9685b772a36ac7844e5d627a612e8a7f51b6ab973ca6426d347fd9ef4b4da987bbb0100cf1fe
SSDEEP

768:DJDybQxERltKtG3c1PsPQSAqEu36pvbsA0aDm3vDkZ/a9Jk:DJDybkGOzqEu3CvbsA0aN

Score

8^/10

Malware Config

Targets

- Target
  
  FoxOS v3.bat
- Size
  
  49KB
- MD5
  
  12d029a7e23cf93caf2861388cdc621f
- SHA1
  
  e6ed2fca26736853e6259cd204acfc0258d8504d
- SHA256
  
  14d7c600241a47f887312eeefd191744372d082dcb7d2925a36bad24f4e3723d
- SHA512
  
  cd111ec1a28976110e82524d4e06c67171b926e1b52c325bed3c9685b772a36ac7844e5d627a612e8a7f51b6ab973ca6426d347fd9ef4b4da987bbb0100cf1fe
- SSDEEP
  
  768:DJDybQxERltKtG3c1PsPQSAqEu36pvbsA0aDm3vDkZ/a9Jk:DJDybkGOzqEu3CvbsA0aN
Score

8^/10

execution lateral_movement persistence
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
  persistence
- Boot or Logon Autostart Execution: Print Processors
  Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Remote Services: SMB/Windows Admin Shares
  Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
  lateral_movement
behavioral1