General
-
Target
https://bestrondir.online/direct/?cod=33339&templ=14&name=PSX+OP+SCRIPT+%28WorkInk+Installer%29&cf=16&uo=aHR0cHM6Ly93b3JraW5rLmNsaWNrLw%3D%3D&duf=%3D0TPB9EVkhVTGJVMWZDa6JFeZpnT6tGMOVTW6Fmd102Ur5EValXOHV1RSVUZGFTVk1mRFpFVwhlUxEzRjVXRspVNsxWYPJEVRVVMVVmbw1GV0kTbhpkQqJFWGdVYz4EMUh3arFmTKR1UVVDMkZEcXRFMrZkVOpFVTVjTHJ2SoZVWzg2RXFGbyQGVwZVTLhWRaJzaVFWaahkYIJ1RhFzYWl1d0U0VhZVVPhkWGJ2V10WW3pEbilmWuRFdsBzYKxGSUJDeXJWTs1mVJZ0RNNnSqdVMOhlYpJEWNVjRXVWNJRkWygGVhBFcuFVSSdUTvFzVTJzaVFma412UZBnVidVMykFckhVYKxGWWVVMVRmRSBDVxQ2RS9EbI5EV5UkTKxmMUBnRFdFasJDZwxGMWRDdXNlMrBTVhR3VPlXRW50SoVkWxoVMNlGctNFR4VVZ2B3VTNnSFdFbWZlT5l0RjNFaWdlM3JjUrh3VOlXSHR2SOVEV3V1al9kRURVc5UVYSRWMVlnV6ZFaO52U1YVbMVzbwE1VoZ0Yyx2aOpkTwkVMJxmYK5EWTBXNV1kSwhlVKBXVhBFbykFSKdUYLxGWa9SZu9GZvsmbp5yay92dukGch1CdjVmcpRWZy9yL6MHc0RHa
-
Sample
230421-xz5h2shd92
Malware Config
Targets
-
-
Target
https://bestrondir.online/direct/?cod=33339&templ=14&name=PSX+OP+SCRIPT+%28WorkInk+Installer%29&cf=16&uo=aHR0cHM6Ly93b3JraW5rLmNsaWNrLw%3D%3D&duf=%3D0TPB9EVkhVTGJVMWZDa6JFeZpnT6tGMOVTW6Fmd102Ur5EValXOHV1RSVUZGFTVk1mRFpFVwhlUxEzRjVXRspVNsxWYPJEVRVVMVVmbw1GV0kTbhpkQqJFWGdVYz4EMUh3arFmTKR1UVVDMkZEcXRFMrZkVOpFVTVjTHJ2SoZVWzg2RXFGbyQGVwZVTLhWRaJzaVFWaahkYIJ1RhFzYWl1d0U0VhZVVPhkWGJ2V10WW3pEbilmWuRFdsBzYKxGSUJDeXJWTs1mVJZ0RNNnSqdVMOhlYpJEWNVjRXVWNJRkWygGVhBFcuFVSSdUTvFzVTJzaVFma412UZBnVidVMykFckhVYKxGWWVVMVRmRSBDVxQ2RS9EbI5EV5UkTKxmMUBnRFdFasJDZwxGMWRDdXNlMrBTVhR3VPlXRW50SoVkWxoVMNlGctNFR4VVZ2B3VTNnSFdFbWZlT5l0RjNFaWdlM3JjUrh3VOlXSHR2SOVEV3V1al9kRURVc5UVYSRWMVlnV6ZFaO52U1YVbMVzbwE1VoZ0Yyx2aOpkTwkVMJxmYK5EWTBXNV1kSwhlVKBXVhBFbykFSKdUYLxGWa9SZu9GZvsmbp5yay92dukGch1CdjVmcpRWZy9yL6MHc0RHa
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-