General

  • Target

    http://minecraft.net

  • Sample

    240221-1bdbfafe41

Malware Config

Targets

    • Target

      http://minecraft.net

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks