General
Target: https://u5508193.ct.sendgrid.net/ls/click?upn=ixhKURVLJcbA2tXqdftGSsfCM-2BwOmFzlt0eOoM0NyeBq9-2Bmygo7PXP8-2BaWKIUh6Cq4NZP4qLo3ujJpOJ7iVe-2FwpJHh8SIyJ1jBsZJI1vZ-2BBeafgp-2BomH4XvQTk-2FHNfrDzjpwO7rxctOq3nXdPlRGjiz94uPtPo7ih2TCloEzpJ695k2vE0YYfCFr5QshmympGnb1_si52RC6zvqCZnXAviXfkiwxbn-2FVUQeKoGXbWkXzjPY3YBJjTaH6WP0O0ZO9yjN-2BW9AsLdN4WaoyFzAJ7Gi1xHKtRRj9yW-2B9HmcdjbFcoDelmqSL-2FyrIuftSknPUBBnziM0nrzwWpaeMCrFIYvBb-2Bh6M9VG4b3aF-2Bp4BEDDNO197sXPlMUCU3x2xaFr3feukJh-2FWfCR0F9qVU6s90aScvrQ-3D-3D
Sample: 200922-llql6tgr12
Static task: static1
Behavioral task: behavioral1
Resource: win10

Malware Config
Extracted: buer
https://104.248.83.13/
Targets
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2