General
-
Target
https://tweakcentral.net/
-
Sample
240901-kgr4sawcqp
Score
9/10
Malware Config
Targets
-
-
Target
https://tweakcentral.net/
Score9/10-
Modifies boot configuration data using bcdedit
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops desktop.ini file(s)
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
MITRE ATT&CK Matrix ATT&CK v13
Discovery
Query Registry
5System Information Discovery
5Peripheral Device Discovery
2Browser Information Discovery
1System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1System Time Discovery
1