3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf | Triage

Resubmissions

28/03/2025, 23:13

250328-27d4aavpy6 8

28/03/2025, 23:11

250328-26lrqsvpx2 8

Sharing

General

Target

mainversion.bat
Size

3KB
Sample

250328-27d4aavpy6
MD5

97422af7164bd8af68e3ff991ed685a5
SHA1

46f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4
SHA256

3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf
SHA512

72a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e

Score

8^/10

defense_evasion discovery exploit persistence

Malware Config

Targets

- Target
  
  mainversion.bat
- Size
  
  3KB
- MD5
  
  97422af7164bd8af68e3ff991ed685a5
- SHA1
  
  46f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4
- SHA256
  
  3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf
- SHA512
  
  72a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e
Score

8^/10

defense_evasion discovery exploit persistence
- Possible privilege escalation attempt
  exploit
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexploitpersistence

behavioral2

defense_evasiondiscoveryexploitpersistence