Overview

overview

10

Static

static

1

Aprhdotite...1).bat

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Aprhdotite_Aim_Assist_Enchancing (1).bat

  • Size

    58KB

  • Sample

    240624-v1bw1sxcjm

  • MD5

    83700e3f4f7bd388da587b56b382f9d5

  • SHA1

    f4b00d5f2f8d0e95d18da88102d330d44dda24e0

  • SHA256

    1c43aa5997daaf921e52a5adb50d7f1bd11062c3c97e425129a297394502965e

  • SHA512

    2e3f573a0dc86923ee78e85300b0316dc6fbcc2f4a9fb2991b1c3fb7f4cc51b74613ef8d3ba0429233f0a60803dacc3f7d4f087de164b6105913cd4e811dca50

  • SSDEEP

    1536:dZZCvQEh1zCwdTCKyQah1zCwApIIqWz0KL:xIfz0E

Score
10/10
evasionexecutionpersistencetrojan

Malware Config

Targets

    • Target

      Aprhdotite_Aim_Assist_Enchancing (1).bat

    • Size

      58KB

    • MD5

      83700e3f4f7bd388da587b56b382f9d5

    • SHA1

      f4b00d5f2f8d0e95d18da88102d330d44dda24e0

    • SHA256

      1c43aa5997daaf921e52a5adb50d7f1bd11062c3c97e425129a297394502965e

    • SHA512

      2e3f573a0dc86923ee78e85300b0316dc6fbcc2f4a9fb2991b1c3fb7f4cc51b74613ef8d3ba0429233f0a60803dacc3f7d4f087de164b6105913cd4e811dca50

    • SSDEEP

      1536:dZZCvQEh1zCwdTCKyQah1zCwApIIqWz0KL:xIfz0E

    Score
    10/10
    evasionexecutionpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Modifies firewall policy service

      evasion

    • UAC bypass

      evasiontrojan

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

4
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

3
T1562.001

Modify Registry

6
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks