General

  • Target

    runasadmin.bat

  • Size

    1KB

  • Sample

    240522-wntfzabc59

  • MD5

    27385fc8820b394db863c320f3bb48f2

  • SHA1

    5c231e5d149ff97d8d435ef9442a41a94eecf716

  • SHA256

    f7d324eec5fc6cec83bdafd21c65e6909d847c7ea40091b87243bfd5c2c0f549

  • SHA512

    66133441896602787b60e604962f181f06171d101765da80813a952636f245ace68d51971709f783749ee4f41ef9860912de82f5d87485c278635f6f82a802c0

Malware Config

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • System Services (T1569): 1

    • Service Execution (T1569.002): 1

  • Command and Scripting Interpreter (T1059): 1

    • PowerShell (T1059.001): 1

Persistence

  • Create or Modify System Process (T1543): 2

    • Windows Service (T1543.003): 2

Privilege Escalation

  • Create or Modify System Process (T1543): 2

    • Windows Service (T1543.003): 2

Defense Evasion

  • Impair Defenses (T1562): 1

    • Disable or Modify System Firewall (T1562.004): 1

  • File and Directory Permissions Modification (T1222): 1

Impact

  • Service Stop (T1489): 1
Tasks