General
Target
https://cdn.discordapp.com/attachments/1238808121997135882/1238808309419479060/EXMPremiumTweaker.bat?ex=6651c524&is=665073a4&hm=4fd2bdfccecacd891f645f79f41f410fc8fd5767b29726a6cf32a73d1207f3b3&
Sample
240524-r3d8dahh22
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1238808121997135882/1238808309419479060/EXMPremiumTweaker.bat?ex=6651c524&is=665073a4&hm=4fd2bdfccecacd891f645f79f41f410fc8fd5767b29726a6cf32a73d1207f3b3&
Resource
win10v2004-20240426-en
Malware Config
Targets
Target
https://cdn.discordapp.com/attachments/1238808121997135882/1238808309419479060/EXMPremiumTweaker.bat?ex=6651c524&is=665073a4&hm=4fd2bdfccecacd891f645f79f41f410fc8fd5767b29726a6cf32a73d1207f3b3&
Score 10/10
Modifies boot configuration data using bcdedit
Sets file execution options in registry
Executes dropped EXE
Adds Run key to start application
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Matrix (ATT&CK v13)
Execution
  System Services (2)
    Service Execution (2)
  Command and Scripting Interpreter (1)
    PowerShell (1)
Persistence
  Create or Modify System Process (2)
    Windows Service (2)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Privilege Escalation
  Create or Modify System Process (2)
    Windows Service (2)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (2)
  Modify Registry (4)