Overview

overview

9

Static

static

9

EliteOptimizer.rar

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EliteOptimizer.rar

  • Size

    189.5MB

  • Sample

    241119-c2lhqsyph1

  • MD5

    8928d75e505886726469f77f4782ae94

  • SHA1

    060d0cb98950dda87b5b0f64bb4160ba3ad24f07

  • SHA256

    376c01cb99de2b3a737c091b33ccebb569c54d43f85f4b3aa4f855776e1cf72b

  • SHA512

    2af4303b43bca06f540845d1e34e085553b8a9eb84e45801a665ced7cde07e2be94822c8b6eba59b93122197dd272fb5155799e6625f2a96190d76d23f30824e

  • SSDEEP

    3145728:OVjnONrbwYmUznd70jRIeXpbHRxSBye9fNykKmk6dzNUqDEpsxjDoVH/decKw10S:UzZ/UqpbHRx6ye9g0dzzD598VTCKgYDl

Score
9/10
defense_evasiondiscoveryexecutionexploitpersistenceprivilege_escalationupxvmprotect

Malware Config

Targets

    • Target

      EliteOptimizer.rar

    • Size

      189.5MB

    • MD5

      8928d75e505886726469f77f4782ae94

    • SHA1

      060d0cb98950dda87b5b0f64bb4160ba3ad24f07

    • SHA256

      376c01cb99de2b3a737c091b33ccebb569c54d43f85f4b3aa4f855776e1cf72b

    • SHA512

      2af4303b43bca06f540845d1e34e085553b8a9eb84e45801a665ced7cde07e2be94822c8b6eba59b93122197dd272fb5155799e6625f2a96190d76d23f30824e

    • SSDEEP

      3145728:OVjnONrbwYmUznd70jRIeXpbHRxSBye9fNykKmk6dzNUqDEpsxjDoVH/decKw10S:UzZ/UqpbHRx6ye9g0dzzD598VTCKgYDl

    Score
    9/10
    defense_evasiondiscoveryexecutionexploitpersistenceprivilege_escalationupxvmprotect

    • Modifies boot configuration data using bcdedit

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Possible privilege escalation attempt

      exploit

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Active Setup

1
T1547.014

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

File and Directory Permissions Modification

2
T1222

Windows File and Directory Permissions Modification

1
T1222.001

Modify Registry

2
T1112

Credential Access

Discovery

Peripheral Device Discovery

3
T1120

Query Registry

6
T1012

System Information Discovery

5
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks