General

  • Target

    DaddyMadu-Windows-Optimizer.bat

  • Size

    9KB

  • Sample

    240815-sr7k8aydqh

  • MD5

    453b29a2c477aa84c97285b7334c43c6

  • SHA1

    4f6640464df12d128584067741a917c1d8adf976

  • SHA256

    254a1b759ec149b625aa975ebd6cdf155cc6d513ceeccfbcc03aa3a14356c162

  • SHA512

    5a49897433600b2b11d1ea21056f00b626447d199f0faf4ed70e37c9091026820e39f9bd49e4d167702991dfc4852590c5de4df20a52bc07a0ea877b9dc97791

  • SSDEEP

    192:Z4TfI3NGRTDBPdDYQBiUnBxn5oCobCAoC4jIymBAlBsPfjhNlLGKbqtC1:K0NGNDVdDYQz9/jawOeqDd

Malware Config

Targets

    • Target

      DaddyMadu-Windows-Optimizer.bat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Download via BitsAdmin

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks