General
-
Target
https://startrekfleetcommand.com/download-lowerdecks/?utm_source=adwords&utm_campaign=19490085335&utm_term=148528472521&utm_content=643924680664&gsc=1&utm_medium=g_5652187&gad_source=1&gclid=EAIaIQobChMI_sivu4PHgwMVOxWtBh3AdwhgEAAYASAAEgLpXPD_BwE&wbraid=CjgKCAiAy9msBhBXEigARrOh8bS5Cl5KnUQLXQ0yLzpaLgUWKLWP47KK8BLtEtQvi6MJGuTUGgIV4w&gsid=1eeac044017e6efab282e2680905e04b
-
Sample
240105-ym9gxaheel
Malware Config
Targets
-
-
Target
https://startrekfleetcommand.com/download-lowerdecks/?utm_source=adwords&utm_campaign=19490085335&utm_term=148528472521&utm_content=643924680664&gsc=1&utm_medium=g_5652187&gad_source=1&gclid=EAIaIQobChMI_sivu4PHgwMVOxWtBh3AdwhgEAAYASAAEgLpXPD_BwE&wbraid=CjgKCAiAy9msBhBXEigARrOh8bS5Cl5KnUQLXQ0yLzpaLgUWKLWP47KK8BLtEtQvi6MJGuTUGgIV4w&gsid=1eeac044017e6efab282e2680905e04b
Score8/10-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-