[SANS ISC] Deobfuscation of Malware Delivered Through a .bat File | allinfosecnews.com

July 20, 2023, 8:45 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Today, I published the following diary on isc.sans.edu: “Deobfuscation of Malware Delivered Through a .bat File“:

I found a phishing email that delivered a RAR archive (password protected). Inside the archive, there was a simple .bat file (SHA256: 57ebd5a707eb69dd719d461e1fbd14f98a42c6c3dcb8505e4669c55762810e70) with the following name: “SRI DISTRITAL – DPTO DE COBRO -SRI Informa-Deuda pendiente.bat”. Its current VT score is only 1/59!

Let’s have a look at this file! After the classic “@echo off”, there is a very long line that …

archive bat bat file deobfuscation edu email file isc malware name password phishing rar sans sans.edu sans isc sha256 simple today

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 14 hours ago | malware.news

bytecode code detect found +12

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 1 day, 2 hours ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 1 day, 3 hours ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 1 day, 3 hours ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 1 day, 4 hours ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 1 day, 4 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 1 day, 4 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 1 day, 4 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 1 day, 5 hours ago | malware.news

alerting article attack change +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States

View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States

View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India

View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States

View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052

View on infosec-jobs.com