d97a8782b1563f7c7ca71b9094f90c1737e8a04119501196e5c7ea7f30857393 | Triage

Resubmissions

03/08/2024, 00:31

240803-avfykawhnk 10

03/08/2024, 00:27

240803-ar85ya1dme 3

Sharing

Copy URL Twitter E-mail

General

Target

Optimizer-16.2.exe
Size

2.3MB
Sample

240803-avfykawhnk
MD5

a806a06bb01fd05fe4b684926eced231
SHA1

6f847968172f872e847bf782a9b7e320b4f42c1f
SHA256

d97a8782b1563f7c7ca71b9094f90c1737e8a04119501196e5c7ea7f30857393
SHA512

da773db62f89a504adb23d1627d7447d348c10edaabff396169bb48609ddfc4d7d007ecec515949a2f0e0d6a1c7fc43b0d1915618d6ad6aa3b2168cf38d47052
SSDEEP

24576:yMT024X4/G2hfOTJvZEC8UJkJBjk38WuBcAbwoA/BkjSHXP36RMG:yMo24X4/G2huEC8UeJCSA/Bkj0

Score

10^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  Optimizer-16.2.exe
- Size
  
  2.3MB
- MD5
  
  a806a06bb01fd05fe4b684926eced231
- SHA1
  
  6f847968172f872e847bf782a9b7e320b4f42c1f
- SHA256
  
  d97a8782b1563f7c7ca71b9094f90c1737e8a04119501196e5c7ea7f30857393
- SHA512
  
  da773db62f89a504adb23d1627d7447d348c10edaabff396169bb48609ddfc4d7d007ecec515949a2f0e0d6a1c7fc43b0d1915618d6ad6aa3b2168cf38d47052
- SSDEEP
  
  24576:yMT024X4/G2hfOTJvZEC8UJkJBjk38WuBcAbwoA/BkjSHXP36RMG:yMo24X4/G2huEC8UeJCSA/Bkj0
Score

10^/10

discovery evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Stops running service(s)
  evasion execution
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Power Settings

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistence