General
Target: https://drive.google.com/drive/folders/1lJeAGTiLzgGitTddNHLS-0BF7AJ18CVF
Sample: 240724-ret9pashjd
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://drive.google.com/drive/folders/1lJeAGTiLzgGitTddNHLS-0BF7AJ18CVF
Resource: win10v2004-20240709-en

Malware Config
(none extracted)

Targets
Target: https://drive.google.com/drive/folders/1lJeAGTiLzgGitTddNHLS-0BF7AJ18CVF
Signatures
- Clears Windows event logs
- Event Triggered Execution: Image File Execution Options Injection
- Indirect Command Execution: Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
- Indicator Removal: File Deletion: Adversaries may delete files left behind by the actions of their intrusion activity.
- Legitimate hosting services abused for malware hosting/C2
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
MITRE ATT&CK Enterprise v15 (technique: number of matching signatures)

Persistence
- Event Triggered Execution: 2
  - Image File Execution Options Injection: 1
  - Netsh Helper DLL: 1
- Power Settings: 1

Privilege Escalation
- Event Triggered Execution: 2
  - Image File Execution Options Injection: 1
  - Netsh Helper DLL: 1

Defense Evasion
- Hide Artifacts: 1
  - Ignore Process Interrupts: 1
- Indicator Removal: 3
  - Clear Persistence: 1
  - Clear Windows Event Logs: 1
  - File Deletion: 1
- Indirect Command Execution: 1