General

  • Target

    http://usps.com.manage.inventec.com.hk/usps/

  • Sample

    210917-q54qdafge7

Malware Config

Targets

    • Target

      http://usps.com.manage.inventec.com.hk/usps/

    Score: 10/10

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation