Overview

overview

9

Static

static

1

URLScan

urlscan

1

https://tweakcentral...

windows10-2004-x64

Resubmissions

05-09-2024 16:43

240905-t8j2xswbkf 3

05-09-2024 16:35

240905-t34jdawakf 9

05-09-2024 16:34

240905-t3hxnswajh 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://tweakcentral.net/downloads/azurite

  • Sample

    240905-t34jdawakf

Score
9/10
discoveryevasionexecutionlateral_movementpersistenceprivilege_escalationransomware

Malware Config

Targets

    • Target

      https://tweakcentral.net/downloads/azurite

    Score
    9/10
    discoveryevasionexecutionlateral_movementpersistenceprivilege_escalationransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

      lateral_movement

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix

Tasks