General

  • Target

    http://github.com

  • Sample

    240221-t587msbf84

Malware Config

Targets

    • Target

      http://github.com

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks