General
-
Target
https://cdn.discordapp.com/attachments/1238808121997135882/1238808309419479060/EXMPremiumTweaker.bat?ex=6651c524&is=665073a4&hm=4fd2bdfccecacd891f645f79f41f410fc8fd5767b29726a6cf32a73d1207f3b3&
-
Sample
240524-r3d8dahh22
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1238808121997135882/1238808309419479060/EXMPremiumTweaker.bat?ex=6651c524&is=665073a4&hm=4fd2bdfccecacd891f645f79f41f410fc8fd5767b29726a6cf32a73d1207f3b3&
Score10/10-
Disables service(s)
-
UAC bypass
-
Modifies boot configuration data using bcdedit
-
Sets file execution options in registry
-
Stops running service(s)
-
Executes dropped EXE
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
System Services
2Service Execution
2Command and Scripting Interpreter
1PowerShell
1Persistence
Create or Modify System Process
2Windows Service
2Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Privilege Escalation
Create or Modify System Process
2Windows Service
2Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
2Modify Registry
4