General

  • Target

    Twitch-Patcheur-30.2.1-Windows-Installer.exe

  • Size

    346KB

  • Sample

    240817-w6gj5atalm

  • MD5

    ab09ac3114e7920de492f02c47489895

  • SHA1

    bcb0127ab885aef339218be3abf20651632e728d

  • SHA256

    f0ecd08d69bad177695b2874833106929ab2bf6832a8389b993f212da6cfc6ec

  • SHA512

    bf0a427ed8feac16313a54bc450fe1543979902f056bb611b35f18cbcb925d8bed30c1c1a8ffaeb656d5d4ed949a21195b90a9c6084e9d8d5366a82b036a91f9

  • SSDEEP

    6144:Bt5hBPi0BW69hd1MMdxPe9N9uA069TBkcOAF4fffNJmfg+O+j8kw7V8:Btzww69TWcHF4fffNJmfg+O+jfZ

Malware Config

Targets

    • Target

      Twitch-Patcheur-30.2.1-Windows-Installer.exe

    • Blocklisted process makes network request

    • Download via BitsAdmin

    • Possible privilege escalation attempt

    • Drops startup file

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks