General
-
Target
https://www.support.me/paypal
-
Sample
230405-wnd2aage68
Score
7/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.support.me/paypal
Resource
win10-20230220-en
22 signatures
1200 seconds
Malware Config
Targets
-
-
Target
https://www.support.me/paypal
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-