General
-
Target
https://winebottler.kronenberg.org/download.php?f=WineBottlerCombo_1.8.6.dmg&m=d2luZWJvdHRsZXIua3JvbmVuYmVyZy5vcmcvY29tYm8vYnVpbGRzhttps://s28667145.weebly.com/memz-download.html
-
Sample
240326-e4v63ada28
Malware Config
Targets
-
-
Target
https://winebottler.kronenberg.org/download.php?f=WineBottlerCombo_1.8.6.dmg&m=d2luZWJvdHRsZXIua3JvbmVuYmVyZy5vcmcvY29tYm8vYnVpbGRzhttps://s28667145.weebly.com/memz-download.html
Score10/10-
Detected phishing page
-
Path Permission
Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
-
Changes its process name
-
Reads the content of photos stored on the user's device.
-
Reads user data of web browsers
Reads stored browser data which can include saved credentials.
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Gatekeeper Bypass
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
-
Reads CPU attributes
-
File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
-