Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://giris.eba.gov...

windows11-21h2-x64

Resubmissions

04-04-2024 16:45

240404-t9qk4acg6s 10

04-04-2024 16:44

240404-t8yv3sdd57 1

04-04-2024 16:42

240404-t7xxdsdd33 7

04-04-2024 16:39

240404-t6f79acf6x 4

04-04-2024 16:36

240404-t4qznsdc33 4

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://giris.eba.gov.tr

  • Sample

    240404-t9qk4acg6s

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      http://giris.eba.gov.tr

    Score
    10/10
    discoveryevasionpersistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks