General
-
Target
Koa_Paid_Tweak_Tool.bat
-
Size
87KB
-
Sample
240921-bvhylayflm
-
MD5
2523b7ade7ef2ab0364cf7af2480780b
-
SHA1
f0a796bbe87cbedb2422f1a30ed679910b16eec8
-
SHA256
fb97d6ec1b1de59c4f02b55c8f95e756a13f9119f4bd08e77e832890ae529317
-
SHA512
3cef3cd7f42f3950ae5d683762747cbc8fbbeba37d8e761e2dffb6ac2469db992023407ed8dd62f2f4bcdc3be91c3de03b8af834a93e423651f1c3548cd9fe3a
-
SSDEEP
384:0jW4urpgB0TBp1uFuyIBmGlngbuPPqoeV9WIblw8WGDyLNZfKGDyLNZfU9a1QL:n80TBWQyEjPqoC9yiU0QL
Malware Config
Targets
-
-
Target
Koa_Paid_Tweak_Tool.bat
-
Size
87KB
-
MD5
2523b7ade7ef2ab0364cf7af2480780b
-
SHA1
f0a796bbe87cbedb2422f1a30ed679910b16eec8
-
SHA256
fb97d6ec1b1de59c4f02b55c8f95e756a13f9119f4bd08e77e832890ae529317
-
SHA512
3cef3cd7f42f3950ae5d683762747cbc8fbbeba37d8e761e2dffb6ac2469db992023407ed8dd62f2f4bcdc3be91c3de03b8af834a93e423651f1c3548cd9fe3a
-
SSDEEP
384:0jW4urpgB0TBp1uFuyIBmGlngbuPPqoeV9WIblw8WGDyLNZfKGDyLNZfU9a1QL:n80TBWQyEjPqoC9yiU0QL
Score10/10-
UAC bypass
-
Event Triggered Execution: Image File Execution Options Injection
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Image File Execution Options Injection
1Power Settings
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
1