General
-
Target
https://cdn.discordapp.com/attachments/1278653048993873995/1279109880216682536/V_I_T_A_L_I_T_Y.bat?ex=66d68b28&is=66d539a8&hm=51a010ca88431e46206aa4cb492b9a5a13ded148ca92b1ed0ff7daca7f36c45d&
-
Sample
240902-qrsqys1dnr
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1278653048993873995/1279109880216682536/V_I_T_A_L_I_T_Y.bat?ex=66d68b28&is=66d539a8&hm=51a010ca88431e46206aa4cb492b9a5a13ded148ca92b1ed0ff7daca7f36c45d&
Score8/10-
Modifies RDP port number used by Windows
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
MITRE ATT&CK Matrix ATT&CK v13
Discovery
Query Registry
6System Information Discovery
7Peripheral Device Discovery
2Browser Information Discovery
1System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Remote System Discovery
1