Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-2004-x64

Resubmissions

08/05/2023, 16:29

230508-ty883add2w 7

03/05/2023, 17:51

230503-wfl2xshf41 6

03/05/2023, 17:22

230503-vxj38ahe31 6

03/05/2023, 17:04

230503-vlkklshd5x 10

03/05/2023, 17:00

230503-vhycashd4z 10

03/05/2023, 16:53

230503-vebdcshd3v 10

03/05/2023, 16:47

230503-vaqbqahd2v 7

03/05/2023, 13:35

230503-qvq2jaeh33 10

02/05/2023, 18:35

230502-w8fqlscb24 10

02/05/2023, 18:32

230502-w6ltvaca89 1

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://mega.nz/file/4gJVxDaT#eAIMRrtwqm4KihPTLFv2W4Cw1-7TcDnmpkKQsdVvPpA

  • Sample

    230503-vebdcshd3v

Score
10/10
discoveryevasionexploitpersistencetrojan

Malware Config

Targets

    • Target

      https://mega.nz/file/4gJVxDaT#eAIMRrtwqm4KihPTLFv2W4Cw1-7TcDnmpkKQsdVvPpA

    Score
    10/10
    discoveryevasionexploitpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

      discovery

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks