General

  • Target

    https://debloat.win

  • Sample

    250529-pep9ma1qx6

Malware Config

Targets

    • Target

      https://debloat.win

    • Modifies visibility of file extensions in Explorer

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16

Tasks