Resubmissions

23/02/2024, 08:45

240223-kn74ksdh6t 8

22/02/2024, 14:45

240222-r4zwgabb8x 8

22/02/2024, 14:38

240222-rz3rkabb4v 8

General

  • Target

    https://cdn.discordapp.com/attachments/785373591918477334/1109849398667644948/xampp-windows-x64-8.2.4-0-VS16-installer.exe?ex=65e4884c&is=65d2134c&hm=0807365f00ac5c26f1f2c8f92c667f26df9fce4fa73497b6e7a012e2d3ff6c8b&

  • Sample

    240223-kn74ksdh6t

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/785373591918477334/1109849398667644948/xampp-windows-x64-8.2.4-0-VS16-installer.exe?ex=65e4884c&is=65d2134c&hm=0807365f00ac5c26f1f2c8f92c667f26df9fce4fa73497b6e7a012e2d3ff6c8b&

    • Downloads MZ/PE file

    • Patched UPX-packed file

      The sample is packed with UPX, but header fields that the stock UPX tool needs have been zeroed out, so `upx -d` cannot unpack it as-is.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops file in System32 directory
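
The "Patched UPX-packed file" signature above flags a sample whose UPX PackHeader has had required fields zeroed. The script below, an added example that is not part of the Triage report and not UPX project code, locates that header in a PE, checks each field `upx -d` depends on and reports what was zeroed, so an analyst can tell a merely renamed-section packer from a deliberately damaged header. The 32-byte PackHeader layout and the byte-sum-mod-251 header checksum are recalled from UPX's packhead.cpp and should be treated as assumptions to verify against the source; the PE samples (`INTACT`, `PATCHED_FIELDS`, `PATCHED_MAGIC`, `PLAIN`) are constructed inline and are not the installer this report analysed.

```python
import struct

UPX_MAGIC = b"UPX!"
UPX_INFO_STR = b"$Info: This file is packed with the UPX executable packer"
# PackHeader layout UPX writes for PE targets (32 bytes, per packhead.cpp as recalled here): magic,
# version, format, method, level, u_adler, c_adler, u_len, c_len, u_file_size, filter, filter_cto, n_mru, checksum
PACK_HEADER_FMT = "<4sBBBBIIIIIBBBB"
PACK_HEADER_LEN = struct.calcsize(PACK_HEADER_FMT)  # 32
HEADER_KEYS = ("magic", "version", "format", "method", "level", "u_adler", "c_adler",
               "u_len", "c_len", "u_file_size", "filter", "filter_cto", "n_mru", "checksum")

def pack_header_checksum(raw: bytes) -> int:
    """UPX's own header checksum (assumed): byte sum of the header minus its last byte, mod 251."""
    return sum(raw[:-1]) % 251

def parse_pe_sections(data: bytes) -> list[str]:
    """Section names from the PE section table; empty list if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    names = []
    for off in range(table, table + 40 * num_sections, 40):
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    return names

def header_problems(hdr: dict, raw: bytes) -> list[str]:
    """Report each field `upx -d` needs that has been zeroed or no longer checksums."""
    problems = []
    if hdr["version"] == 0 or hdr["format"] == 0 or hdr["method"] == 0:
        problems.append("version/format/method zeroed")
    if hdr["u_len"] == 0 or hdr["c_len"] == 0:
        problems.append("u_len/c_len zeroed")
    if hdr["u_adler"] == 0 or hdr["c_adler"] == 0:
        problems.append("adler32 checksums zeroed")
    if hdr["checksum"] != pack_header_checksum(raw):
        problems.append("header checksum mismatch")
    return problems

def classify(data: bytes) -> dict:
    """Verdict: upx-intact, upx-patched (UPX artefacts but a damaged PackHeader) or not-upx."""
    sections = parse_pe_sections(data)
    result = {"sections": sections, "header": None, "problems": [], "verdict": "not-upx"}
    pos = data.find(UPX_MAGIC)                      # check every "UPX!" occurrence
    while pos != -1 and pos + PACK_HEADER_LEN <= len(data):
        raw = data[pos:pos + PACK_HEADER_LEN]
        hdr = dict(zip(HEADER_KEYS, struct.unpack(PACK_HEADER_FMT, raw)))
        result["header"], result["problems"] = hdr, header_problems(hdr, raw)
        if not result["problems"]:
            result["verdict"] = "upx-intact"
            return result
        pos = data.find(UPX_MAGIC, pos + 1)
    if result["header"] is not None:
        result["verdict"] = "upx-patched"           # magic kept, required fields damaged
    elif any(s.startswith("UPX") for s in sections) or UPX_INFO_STR in data:
        result["problems"] = ["PackHeader magic missing"]
        result["verdict"] = "upx-patched"           # sections/ident string remain, header wiped
    return result

# Constructed samples (not the analysed installer): a minimal PE with UPX-style sections.
def build_pack_header(u_len: int = 0x1000, c_len: int = 0x800) -> bytes:
    # version 13, format 36, method 2, level 8; adler values and sizes are made up.
    body = struct.pack("<4sBBBBIIIIIBBB", UPX_MAGIC, 13, 36, 2, 8,
                       0x11111111, 0x22222222, u_len, c_len, u_len + 0x200, 0x49, 0, 0)
    return body + bytes([sum(body) % 251])

def build_sample(section_names: list[bytes], payload: bytes) -> bytes:
    n, e_lfanew = len(section_names), 0x40
    raw_off = e_lfanew + 24 + 40 * n                # payload follows the section table
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    nt = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, n, 0, 0, 0, 0, 0x22)  # no optional header
    table = b""
    for i, name in enumerate(section_names):
        size = len(payload) if i == n - 1 else 0    # all raw data lives in the last section
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), size, 0x1000 * (i + 1),
                             size, raw_off if size else 0, 0, 0, 0, 0, 0x60000020)
    return dos + nt + table + payload

STUB = b"\xcc" * 64 + UPX_INFO_STR + b" http://upx.sf.net $\n\0"
UPX_SECTIONS = [b"UPX0", b"UPX1", b".rsrc"]
INTACT = build_sample(UPX_SECTIONS, STUB + build_pack_header() + b"\0" * 16)
damaged = bytearray(build_pack_header())
damaged[16:24] = b"\0" * 8                          # zero u_len and c_len, keep the magic
PATCHED_FIELDS = build_sample(UPX_SECTIONS, STUB + bytes(damaged) + b"\0" * 16)
PATCHED_MAGIC = build_sample(UPX_SECTIONS, STUB + b"\0" * 4 + build_pack_header()[4:] + b"\0" * 16)
PLAIN = build_sample([b".text", b".data"], b"\xcc" * 32)

if __name__ == "__main__":
    for name, sample in (("intact", INTACT), ("patched-fields", PATCHED_FIELDS),
                         ("patched-magic", PATCHED_MAGIC), ("plain", PLAIN)):
        print(name, classify(sample)["verdict"], classify(sample)["problems"])
```

Run it on a real file with `classify(open(path, "rb").read())`. A verdict of `upx-patched` with "u_len/c_len zeroed" means the stub will still unpack itself at runtime, so the practical route is to dump the process after the loader has run rather than to fight the stock tool; a verdict of `upx-patched` with only "PackHeader magic missing" often means the header bytes are intact and restoring the four magic bytes is enough to try `upx -d` again.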

MITRE ATT&CK Enterprise v15

Tasks