hxxps://google[.]com | Triage

Submit
Reports

Overview

overview

8

Static

static

URLScan

urlscan

1

https://google.com

windows10-2004-x64

8

Resubmissions

21-08-2022 14:53

220821-r9e39aahej 8

20-08-2022 19:34

220820-yajeysada3 8

18-08-2022 19:56

220818-ynvp5seac3 8

14-08-2022 21:38

220814-1hgbnsddf5 8

18-07-2022 04:40

220718-fajfvaafdl 1

18-07-2022 04:26

220718-e2lvlsaegj 8

16-07-2022 04:29

220716-e4rtmsgeg3 8

16-07-2022 03:58

220716-ejzczsgde2 8

11-07-2022 19:19

220711-x1h2facabn 10

10-07-2022 23:55

220710-3yffesdfan 10

Sharing

General

Target

https://google.com
Sample

220818-ynvp5seac3

Score

8^/10

bootkit google persistence phishing

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://google.com

Resource

win10v2004-20220812-en

bootkit google persistence phishing

windows10-2004-x64

19 signatures

1800 seconds

Malware Config

Targets

- Target
  
  https://google.com
Score

8^/10

bootkit google persistence phishing
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Detected potential entity reuse from brand google.
  phishing google
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

urlscan1

behavioral1

bootkitgooglepersistencephishing

© 2018-2024

Terms | Privacy