hxxps://www[.]support[.]me/paypal | Triage

Submit
Reports

Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://www.support....

windows10-1703-x64

7

Sharing

General

Target

https://www.support.me/paypal
Sample

230405-wnd2aage68

Score

7^/10

bootkit evasion persistence trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.support.me/paypal

Resource

win10-20230220-en

bootkit evasion persistence trojan

windows10-1703-x64

22 signatures

1200 seconds

Malware Config

Targets

- Target
  
  https://www.support.me/paypal
Score

7^/10

bootkit evasion persistence trojan
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

urlscan1

behavioral1

bootkitevasionpersistencetrojan

© 2018-2024

Terms | Privacy