General
-
Target
FPS Boost 1.bat.zip
-
Size
4KB
-
Sample
241022-pzjmksvhpa
-
MD5
f606e366fe37903c4c0371dac16605de
-
SHA1
826e9869acc36c9f5befd821b57282720ffb4113
-
SHA256
a2ff096d30c78db38eaddf0629b7f26ce36b64588a2ae05b7b9c2a7e9fbe2c05
-
SHA512
a2cfa60e7aec6ccd4a361443d5f66d74dd7cd90bd9f0d1c5b4fda7a363988b180b645a55eec56efaea19379dfb9bceafc5d36b7b49332677c4330095bcae7555
-
SSDEEP
96:d1ASURY4tkC2avn9d45zF4mc52F3UFW2dGpxzx9p+7tex3v:vUR7SC2abyc52FEFPURowx3v
Static task
static1
Malware Config
Extracted
gurcu
https://api.telegram.org/bot7278641970:AAEHOVYteJH3T-Bg5zEPMUSj6sdFforQUZw/sendMessag
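The extracted config is a Telegram Bot API URL, which is the sample's exfiltration channel. The following is an added example, not part of the sandbox report, showing how to turn that into a log search: any client request to api.telegram.org/bot<id>:<token>/ is unusual on most endpoints, and an exact match on the token from the config ties a host to this particular sample. The log lines, the token in them and the proxy log format are all constructed placeholders.

```powershell
# Added example, not from the sandbox report. Bot API URLs have the shape
# https://api.telegram.org/bot<bot_id>:<secret>/<method>; capture the token and method.
$TelegramBotApiPattern = '(?i)https?://api\.telegram\.org/bot(?<token>\d+:[A-Za-z0-9_-]+)/(?<method>[A-Za-z]+)'

function Find-TelegramBotC2 {
    param(
        [Parameter(Mandatory)] [string[]] $LogLines,
        # Optional: the token taken from the extracted config, to flag exact matches.
        [string] $KnownToken
    )
    foreach ($line in $LogLines) {
        if ($line -match $TelegramBotApiPattern) {
            $severity = 'medium'
            if ($KnownToken -and ($Matches.token -eq $KnownToken)) { $severity = 'high' }
            [pscustomobject]@{
                Severity = $severity
                BotId    = ($Matches.token -split ':')[0]
                Method   = $Matches.method
                Line     = $line
            }
        }
        elseif ($line -match '(?i)api\.telegram\.org') {
            # Without TLS inspection only the CONNECT host is visible; still worth a look.
            [pscustomobject]@{ Severity = 'low'; BotId = $null; Method = $null; Line = $line }
        }
    }
}

# Constructed sample lines from a TLS-inspecting web proxy (not real traffic, placeholder token).
$sampleLog = @(
    '2024-10-22T14:01:03Z 10.0.0.15 CONNECT api.telegram.org:443 200',
    '2024-10-22T14:01:04Z 10.0.0.15 GET https://api.telegram.org/bot1234567890:AAEPLACEHOLDERtoken_value-0000000000/sendMessage?chat_id=1&text=hi 200',
    '2024-10-22T14:01:05Z 10.0.0.22 GET https://www.example.com/index.html 200'
)

Find-TelegramBotC2 -LogLines $sampleLog -KnownToken '1234567890:AAEPLACEHOLDERtoken_value-0000000000' |
    Format-Table -AutoSize
```

Feed it real proxy or EDR network-event lines with the token copied from the config above; a `high` hit is a host that talked to this sample's bot, a `low` hit is just any Telegram API contact and needs business context before acting on it.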
Targets
-
Target
FPS Boost 1.bat.zip
-
Size
4KB
-
MD5
f606e366fe37903c4c0371dac16605de
-
SHA1
826e9869acc36c9f5befd821b57282720ffb4113
-
SHA256
a2ff096d30c78db38eaddf0629b7f26ce36b64588a2ae05b7b9c2a7e9fbe2c05
-
SHA512
a2cfa60e7aec6ccd4a361443d5f66d74dd7cd90bd9f0d1c5b4fda7a363988b180b645a55eec56efaea19379dfb9bceafc5d36b7b49332677c4330095bcae7555
-
SSDEEP
96:d1ASURY4tkC2avn9d45zF4mc52F3UFW2dGpxzx9p+7tex3v:vUR7SC2abyc52FEFPURowx3v
-
Detect Xworm Payload
-
Modifies visibility of file extensions in Explorer
-
Modifies visibility of hidden/system files in Explorer
-
Blocklisted process makes network request
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
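Host-side triage for the registry and file-system artifacts named by the signatures above (Active Setup persistence, Explorer visibility tampering, files dropped into System32 and the drivers directory), as an added example that is not part of the sandbox report. Run it in an elevated PowerShell on the suspect host. The registry paths are the standard Windows locations; the "suspicious StubPath" pattern and the one-day window are assumptions to tune for your environment.

```powershell
# Added example, not from the sandbox report.

function Get-ActiveSetupEntries {
    # Each Installed Components subkey with a StubPath is run once per user at logon
    # (the key's Version is compared against the HKCU copy). A new key whose StubPath
    # points at an interpreter or a user-writable directory is the persistence artifact.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
    )
    # Assumed heuristic; adjust to what is normal on your image.
    $heuristic = '(?i)powershell|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32|\\Users\\|\\Temp\\|AppData|ProgramData'
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            if (-not $props.StubPath) { continue }
            [pscustomobject]@{
                Hive       = $root
                Component  = $key.PSChildName
                StubPath   = $props.StubPath
                Version    = $props.Version
                Suspicious = [bool]($props.StubPath -match $heuristic)
            }
        }
    }
}

function Get-ExplorerVisibilitySettings {
    # Explorer\Advanced values for the current user. Typical defaults: HideFileExt = 1
    # (extensions hidden), Hidden = 2 (hidden files not shown), ShowSuperHidden = 0
    # (protected system files not shown). Malware that drops double-extension or
    # hidden/system files forces the hiding values; compare with your build's baseline
    # and check other users' hives (HKU) as well, since this reads HKCU only.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
    [pscustomobject]@{
        HideFileExt     = $p.HideFileExt
        Hidden          = $p.Hidden
        ShowSuperHidden = $p.ShowSuperHidden
    }
}

function Get-RecentSystemDrops {
    # "Drops file in Drivers directory" / "Drops file in System32 directory":
    # list files written recently and show their Authenticode status.
    param([int] $Days = 1)
    $dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System32\drivers")
    $since = (Get-Date).AddDays(-$Days)
    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $since } |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                $signer = $null
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
                [pscustomobject]@{
                    Path      = $_.FullName
                    Written   = $_.LastWriteTime
                    SigStatus = $sig.Status
                    Signer    = $signer
                }
            }
    }
}

Get-ActiveSetupEntries | Where-Object Suspicious | Format-List
Get-ExplorerVisibilitySettings
Get-RecentSystemDrops | Where-Object { $_.SigStatus -ne 'Valid' } | Format-Table -AutoSize
```

Unsigned or recently written files under System32\drivers deserve a hash lookup, and any Active Setup component that was not created by an installer you recognise should have its StubPath target collected before the key is removed, since the key alone does not tell you what the stub has already done on each user's logon.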
MITRE ATT&CK Enterprise v15
Tactic, then technique and sub-technique; the number in parentheses is the count of matches for each.
-
Execution
Command and Scripting Interpreter (1): PowerShell (1)
Scheduled Task/Job (1): Scheduled Task (1)
-
Persistence
Boot or Logon Autostart Execution (1): Active Setup (1)
Scheduled Task/Job (1): Scheduled Task (1)
-
Privilege Escalation
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Boot or Logon Autostart Execution (1): Active Setup (1)
Scheduled Task/Job (1): Scheduled Task (1)
-
Defense Evasion
Abuse Elevation Control Mechanism (1): Bypass User Account Control (1)
Hide Artifacts (3): Hidden Files and Directories (3)
Impair Defenses (1): Disable or Modify Tools (1)
Modify Registry (5)