aa236952ec
* Adding T1059 and T1071 * Update T1071.md * Delete atomics/T1071/src directory * Add files via upload * change localhost to 127.0.0.1 in T1070.yaml * Update T1071.md * Update T1071.md --------- Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
35 lines
887 B
AutoIt
; Benign detection-test script: it imitates traits of obfuscated, evasive
; scripts but the only thing it launches is the Windows calculator.
; NOTE(review): the page's commit message mentions T1059 and T1071; which
; technique this file exercises is not stated here - confirm against the atomic.
; What it actually does, in order: suppress the tray icon, sleep 2 s, build two
; unused strings, start calc.exe through PowerShell with a hidden window, sleep
; a further 1-3 s, exit.

; Suppress the AutoIt tray icon (this directive affects the tray icon only;
; the script creates no window of its own)
#NoTrayIcon

; Fixed 2000 ms pause before anything else runs (imitates delayed execution)
Sleep(2000)

; Short string fragments held in single-letter variables. Nothing is randomized:
; the names and values are constants, so the file's static content is the same
; on every run.
Local $s = "calc"
Local $x = "o"
Local $y = "i"
Local $z = "e"
Local $t = "r"
Local $a = "c"
Local $b = "t"
Local $c = "x"
Local $d = "e"
Local $e = "u"
Local $f = "a"
Local $g = "s"

; Concatenate the fragments. As written, $command1 evaluates to
; "calcoierctxeuas" and $command2 to "calcricxr"; neither variable is read
; again below, so they only add obfuscation-like noise for static analysis and
; are never executed.
Local $command1 = $s & $x & $y & $z & $t & $a & $b & $c & $d & $e & $f & $g
Local $command2 = $s & $t & $y & $a & $c & $t

; Launch PowerShell, which in turn starts calc.exe with -WindowStyle Hidden.
; The command line is a literal string (the doubled "" are escaped quotes), the
; second argument is an empty working directory and @SW_HIDE hides the
; PowerShell window.
; Detection view: process-creation telemetry with command-line capture (e.g.
; Sysmon Event ID 1 or Security 4688) should show the AutoIt process spawning
; powershell.exe, with "Start-Process" and "-WindowStyle Hidden" in clear text,
; followed by calc.exe as a child of PowerShell.
; NOTE(review): the parent image name depends on whether the script is run by
; the AutoIt interpreter or as a compiled executable - confirm in the test setup.
Run("powershell -Command ""Start-Process -FilePath 'calc.exe' -WindowStyle Hidden""", "", @SW_HIDE)

; Pause for a random interval between 1000 and 3000 ms. Only Exit follows, so
; this varies the script's total lifetime rather than the spacing between
; commands.
Sleep(Random(1000, 3000))

; End the script
Exit