General

  • Target

    Nuevodocumentodetexto.bat

  • Size

    683B

  • Sample

    250119-vjyz8axnhj

  • MD5

    fb0d0067d454ee338cc8d92c29925607

  • SHA1

    ad5090a85acaf8312d9064006b343049d2e34fc6

  • SHA256

    be379c2bc8444d4ee609994a2d2cc9758ff0be1584aa8e41b1fc3c0ee781972a

  • SHA512

    f955f4da01c0904eae778f25cfb960b5856fd06543d5b863c6bcfd75221a7b517e75ce7352ea54a98fc123b40460112b3c36eb4bcb1ce19b01641c1ac3763b47

Malware Config

Targets

    • Target

      Nuevodocumentodetexto.bat

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks