General

  • Target

    23122024_0139_PO.bat.zip

  • Size

    614KB

  • MD5

    334b5450d1cd155ca0f52e1746454581

  • SHA1

    aa9f94dacd259498fe75052be9c6625349853620

  • SHA256

    245d3f23439f2137b17429adc8cd243df06ce1d4ce3b1608fef8f77307f21f1d

  • SHA512

    21da639b0c53d255946e7465b54d13de6425adeb594072e1026d7bfdec820031064388d8483cfeb23fb1189ad1a3c576955e443ac4b87fa4f814e1b2fa3cb9a6

  • SSDEEP

    12288:9QM7aYmwRUlSNs0O8c1zf4h4hxmCsXXs56+n3kpT17kx:9pcrn1zf4hyMXXWn3kX7kx

Score
3/10

Malware Config

Signatures

  • Unsigned PE 3 IoCs

    Checks for missing Authenticode signature.

Files

  • 23122024_0139_PO.bat.zip
    .zip

    Password: infected

  • PO.bat
    .exe windows:4 windows x86 arch:x86


    e2a592076b17ef8bfb48b7e03965a3fc



  • $PLUGINSDIR/LangDLL.dll
    .dll windows:4 windows x86 arch:x86


    3e8d18bb71c7ebbda2ddc2a4bb03547b



  • $PLUGINSDIR/System.dll
    .dll windows:4 windows x86 arch:x86


    fc0224e99e736751432961db63a41b76



  • Blaakilde.Paa
  • Nonrurally/hklem.jpg
    .jpg


  • Nonrurally/severization.eft
  • Pensionsydelsen.vgt
  • Rubinsteinkager107.ked
  • Unrightful.acc
  • adulterizes.txt