Resubmissions

  • 12/03/2023, 12:59    230312-p73qesdh67    8

  • 12/03/2023, 12:52    230312-p4gzjsdh55    8

  • 12/03/2023, 12:45    230312-py7ysafh7w    6

  • 12/03/2023, 12:34    230312-pr7dnsdg98    7

  • 12/03/2023, 12:24    230312-plfnrsfh4x    8

  • 12/03/2023, 12:21    230312-pjct4afh4s    7

  • 12/03/2023, 12:15    230312-pfcd6afh2y    8

  • 12/03/2023, 12:08    230312-pazbqsfg9t    8

  • 12/03/2023, 12:04    230312-n8rh4sfg8w    8

General

  • Target

    https://google.com

  • Sample

    230312-plfnrsfh4x

Targets

    • Target

      https://google.com

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
