General
-
Target
https://cdn.discordapp.com/attachments/1127512789418770513/1279463384948932700/CSOS_V1.zip?ex=66db2022&is=66d9cea2&hm=21cef1f90f3635458793f30db3fe0ebbcae7714acc26068073737a3003251fb4&
-
Sample
240905-ts2xssvgjd
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1127512789418770513/1279463384948932700/CSOS_V1.zip?ex=66db2022&is=66d9cea2&hm=21cef1f90f3635458793f30db3fe0ebbcae7714acc26068073737a3003251fb4&
Score8/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
4Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1