f1bbcc5c678d174d858ae089f4494e3ea8bcfc418098d61804a15e437f08aff7

Target

Endermanch@ColorBug.exe
Size

53KB
MD5

6536b10e5a713803d034c607d2de19e3
SHA1

a6000c05f565a36d2250bdab2ce78f505ca624b7
SHA256

775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de
SHA512

61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Endermanch@ColorBug.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	Endermanch@ColorBug.exe

Modifies Control Panel 21 IoCs

evasion

Processes:

Endermanch@ColorBug.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\InactiveTitle = "118 237 222"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\Window = "152 108 188"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\WindowFrame = "36 244 174"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\MenuText = "237 176 236"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\TitleText = "207 61 69"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\AppWorkspace = "210 13 15"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\InactiveTitleText = "140 195 204"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\Menu = "113 195 150"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\WindowText = "63 18 106"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\Hilight = "209 61 30"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\ButtonFace = "39 49 98"	Endermanch@ColorBug.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\Background = "158 1 12"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\ActiveBorder = "49 161 213"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\InactiveBorder = "214 145 142"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\HilightText = "217 141 190"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\Scrollbar = "16 44 45"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\ActiveTitle = "97 216 32"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\ButtonShadow = "209 251 60"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\GrayText = "214 236 2"	Endermanch@ColorBug.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\Colors\ButtonText = "1 210 54"	Endermanch@ColorBug.exe

C:\Users\Admin\AppData\Local\Temp\Endermanch@ColorBug.exe
"C:\Users\Admin\AppData\Local\Temp\Endermanch@ColorBug.exe"
1⤵
- Adds Run key to start application
- Modifies Control Panel
PID:816

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads