“the script’s task is to read the content of the created registry key, decode it, and transfer control to the resulting script. - Ping an IP logger service at https[:]//maper[.]info/2x5tf5 to let the attackers know the infection was successful. This wraps up the prima…”
T1059.001 PowerShell
93%
“current process without popping up a command console or launching the interpreter. As soon as the required exclusions are set, the trojanized proxifier.exe extracts and launches the real Proxifier installer. Meanwhile, it quietly continues the infection in the background: it cr…”
T1053.005 Scheduled Task
86%
“current process without popping up a command console or launching the interpreter. As soon as the required exclusions are set, the trojanized proxifier.exe extracts and launches the real Proxifier installer. Meanwhile, it quietly continues the infection in the background: it cr…”
T1055.001 Dynamic-link Library Injection
77%
“current process without popping up a command console or launching the interpreter. As soon as the required exclusions are set, the trojanized proxifier.exe extracts and launches the real Proxifier installer. Meanwhile, it quietly continues the infection in the background: it cr…”
T1053.005 Scheduled Task
77%
“the script’s task is to read the content of the created registry key, decode it, and transfer control to the resulting script. - Ping an IP logger service at https[:]//maper[.]info/2x5tf5 to let the attackers know the infection was successful. This wraps up the prima…”
T1055.001 Dynamic-link Library Injection
60%
“text document. That executable is actually a malicious wrapper bundled around the legitimate Proxifier installer, while the text file helpfully offers activation keys for the software. Once launched, the Trojan’s first order of business is to add an exception to Microsoft Defen…”
T1059.001 PowerShell
60%
“text document. That executable is actually a malicious wrapper bundled around the legitimate Proxifier installer, while the text file helpfully offers activation keys for the software. Once launched, the Trojan’s first order of business is to add an exception to Microsoft Defen…”
T1204.002 Malicious File
45%
“in several different ways at once. The script from Pastebin continues the download chain. This time, the payload is located on GitHub. It’s a massive script, clocking in at around 500 KB. Interestingly, the bulk of the file is just one long Base64 string. After decoding it and …”
Summary
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.