General
-
Target
https://cdn.discordapp.com/attachments/979384913834938368/1243633677062111294/0_Delay.bat?ex=66522f9e&is=6650de1e&hm=c314ecde3dedeab2fdae681e6f1323f78e13f799629c6b66f6166967bd4552e4&
-
Sample
240524-1zppdacg3t
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/979384913834938368/1243633677062111294/0_Delay.bat?ex=66522f9e&is=6650de1e&hm=c314ecde3dedeab2fdae681e6f1323f78e13f799629c6b66f6166967bd4552e4&
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
Modifies security service
-
Modifies visibility of file extensions in Explorer
-
Turns off Windows Defender SpyNet reporting
-
UAC bypass
-
Modifies boot configuration data using bcdedit
-
Command and Scripting Interpreter: PowerShell
Start PowerShell.
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Privilege Escalation
Create or Modify System Process
2Windows Service
2Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
9Impair Defenses
3Disable or Modify Tools
3Hide Artifacts
1Hidden Files and Directories
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1