Overview

overview

8

Static

static

URLScan

urlscan

1

https://google.com

windows10-2004-x64

8

Resubmissions

21-08-2022 14:53

220821-r9e39aahej 8

20-08-2022 19:34

220820-yajeysada3 8

18-08-2022 19:56

220818-ynvp5seac3 8

14-08-2022 21:38

220814-1hgbnsddf5 8

18-07-2022 04:40

220718-fajfvaafdl 1

18-07-2022 04:26

220718-e2lvlsaegj 8

16-07-2022 04:29

220716-e4rtmsgeg3 8

16-07-2022 03:58

220716-ejzczsgde2 8

11-07-2022 19:19

220711-x1h2facabn 10

10-07-2022 23:55

220710-3yffesdfan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://google.com

  • Sample

    220821-r9e39aahej

Score
8/10
discoveryspyware

Malware Config

Targets

    • Target

      https://google.com

    Score
    8/10
    discoveryspyware

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks