b66cd5d6a39c016d0c39e270bed5cc8dbeb1920b3f827d78bc9d36a4a1e3f84f | Triage

Resubmissions

07-07-2024 23:12

240707-26tgkstaqe 10

Sharing

General

Target

Oneclick-V6.7.bat
Size

202KB
Sample

240707-26tgkstaqe
MD5

4acd7d1e7294d4ab4e9db8977d5135e4
SHA1

07c5474fcd09ff5843df3f776d665dcf0eef4284
SHA256

b66cd5d6a39c016d0c39e270bed5cc8dbeb1920b3f827d78bc9d36a4a1e3f84f
SHA512

d45a1a26440116df843fbef3bc86a727267cc687f59f9062ef9a66c08a3581c9903d568303d5700dacaad7f5e398601211841328e1784989822d644a426b2d36
SSDEEP

1536:97SPKdigMQgPTjIV4wJzSwTgfGH/ngfHH4pX/paZSiDk2IWOmXmomk:9nnHgvOh4KmXmomk

Score

10^/10

defense_evasion evasion execution persistence privilege_escalation ransomware trojan

Malware Config

Targets

- Target
  
  Oneclick-V6.7.bat
- Size
  
  202KB
- MD5
  
  4acd7d1e7294d4ab4e9db8977d5135e4
- SHA1
  
  07c5474fcd09ff5843df3f776d665dcf0eef4284
- SHA256
  
  b66cd5d6a39c016d0c39e270bed5cc8dbeb1920b3f827d78bc9d36a4a1e3f84f
- SHA512
  
  d45a1a26440116df843fbef3bc86a727267cc687f59f9062ef9a66c08a3581c9903d568303d5700dacaad7f5e398601211841328e1784989822d644a426b2d36
- SSDEEP
  
  1536:97SPKdigMQgPTjIV4wJzSwTgfGH/ngfHH4pX/paZSiDk2IWOmXmomk:9nnHgvOh4KmXmomk
Score

10^/10

defense_evasion evasion execution persistence privilege_escalation ransomware trojan
- Modifies visibility of file extensions in Explorer
  evasion
- UAC bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Component Object Model Hijacking

Power Settings

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Ignore Process Interrupts

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasionevasionexecutionpersistenceprivilege_escalationransomwaretrojan

behavioral2