General
-
Target
http://80.66.75.37/a-Lyrdbmzywx.exe
-
Sample
230325-t9b3psde68
Score
8/10
Malware Config
Targets
-
-
Target
http://80.66.75.37/a-Lyrdbmzywx.exe
Score8/10-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Windows security modification
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Data from Local System
1Command and Control
Credential Access
Credentials in Files
1Discovery
Query Registry
5Security Software Discovery
1System Information Discovery
3Peripheral Device Discovery
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation