0/64 detections on VirusTotal as of 04.07.2024
The VMRay Labs team has uncovered a heavily obfuscated malicious batch file that has managed to evade detection on VirusTotal with no security vendors flagging it (0/64).
This batch file checks how it was launched. It reveals its full behavior only when it is started by a double-click, which indicates an actual user. When it is started via the command line, it terminates early.
HASH: c87215ddba4bbda4ff1c9cf6a8d95012e42d3cecfeb1c22e65f7880e4102388b
See why we think this is malicious in plain language.
See the whole path of the sample’s execution.
Map the malicious activities on the MITRE ATT&CK Framework.
Explore detailed information on the IP addresses, URLs and DNS, including function logs and PCAP streams.
Download the IOCs and artifacts to have a clear picture of the threat.
Download the files that the malware downloads, drops or modifies.