General

  • Target

    Premium Tweaking tool.bat

  • Size

    271KB

  • Sample

    241105-rp7mrssjev

  • MD5

    582f18a848e7821a7fef4554b235fb0a

  • SHA1

    1f3f8b99ec4d0f571c37bfbc523ef269bfd6abb8

  • SHA256

    b6a833cf40137ed9c5379fb44ba92b1ef42496ec6a3c4034c9aff198fbc00a9a

  • SHA512

    dfe69a6959d90c717c6d4c9e68137c0e10dda5974b310df56c1fddeb556cf54bc6d702d1f75ee3910591f2b904d01ad051ebc3ea178fec512758e6558f949ebc

  • SSDEEP

    1536:Xv4aQDYzxJdVPopHDam0g/GhBTWVelrnE49XG4Yh3R9y:XgaQDYcVoqGrnE4RG4W3R9y

Malware Config

Targets

    • UAC bypass

    • Modifies boot configuration data using bcdedit

    • Disables taskbar notifications via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Indicator Removal: Clear Persistence

      Removes IFEO entries.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks