hxxps://mega[.]nz/file/dVo31I6A#ZcoYTJffHohVB1U_0hsI9YLAngdsrLuGvKbj8jJkFh4 | Triage

Submit
Reports

Overview

overview

8

Static

static

URLScan

urlscan

1

https://mega.nz/file...

windows7-x64

8

https://mega.nz/file...

windows10-2004-x64

8

Sharing

General

Target

https://mega.nz/file/dVo31I6A#ZcoYTJffHohVB1U_0hsI9YLAngdsrLuGvKbj8jJkFh4
Sample

221003-jattcsegdj

Score

8^/10

bootkit discovery exploit persistence spyware stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://mega.nz/file/dVo31I6A#ZcoYTJffHohVB1U_0hsI9YLAngdsrLuGvKbj8jJkFh4

Resource

win7-20220812-en

bootkit discovery exploit persistence spyware stealer

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

https://mega.nz/file/dVo31I6A#ZcoYTJffHohVB1U_0hsI9YLAngdsrLuGvKbj8jJkFh4

Resource

win10v2004-20220901-en

bootkit discovery exploit persistence spyware stealer

windows10-2004-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  https://mega.nz/file/dVo31I6A#ZcoYTJffHohVB1U_0hsI9YLAngdsrLuGvKbj8jJkFh4
Score

8^/10

bootkit discovery exploit persistence spyware stealer
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bootkitdiscoveryexploitpersistencespywarestealer

behavioral2

bootkitdiscoveryexploitpersistencespywarestealer

© 2018-2024

Terms | Privacy