General

  • Target

    https://github.com/pankoza2-pl/GDI-Programs-by-fr4ctalz

  • Sample

    240818-p7y28sthrf

Malware Config

Targets

    • Target

      https://github.com/pankoza2-pl/GDI-Programs-by-fr4ctalz

    • Disables Task Manager via registry modification

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks