Tags:
family:chromelevator adware defense_evasion discovery execution hacktool persistence spyware stealer upx
Checks SCSI registry key(s)
Enumerates system info in registry
Kills process with taskkill
Modifies Internet Explorer settings
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Checks for VirtualBox DLLs, possible anti-VM trick
Adds Run key to start application
Contacts third-party web service commonly abused for C2
Enumerates connected drives
Looks up external IP address via web service
Checks computer location settings
Reads user/profile data of web browsers
Badlisted process makes network request
Boot or Logon Autostart Execution: Active Setup
Command and Scripting Interpreter: PowerShell