hxxps://external[.]instastalker[.]net/aHR0cHM6Ly9zY29udGVudC1sZ2EzLTEuY2RuaW5zdGFncmFtLmNvbS9vMS92L3QxNi9mMS9tNzgvMjI0MjRFNjA0ODFCNzA4MTI0NUFCNzM4NTVBNDZGQkNfdmlkZW9fZGFzaGluaXQubXA0P2VmZz1leUoyWlc1amIyUmxYM1JoWnlJNkluWjBjMTkyYjJSZmRYSnNaMlZ1TG5OMGIzSjVMbU14TGpVM05pNWlZWE5sYkdsdVpTSjkmX25jX2h0PXNjb250ZW50LWxnYTMtMS5jZG5pbnN0YWdyYW0uY29tJl9uY19jYXQ9MTAwJnZzPTE0NTg0MjY5MTEzODU4OTdfMjg3MTAyODYyMyZfbmNfdnM9SEJrc0ZRSVlVV2xuWDNod2RsOXdiR0ZqWlcxbGJuUmZjR1Z5YldGdVpXNTBYM1l5THpJeU5ESTBSVFl3TkRneFFqY3dPREV5TkRWQlFqY3pPRFUxUVRRMlJrSkRYM1pwWkdWdlgyUmhjMmhwYm1sMExtMXdOQlVBQXNnQkFCVUNHRHB3WVhOemRHaHliM1ZuYUY5bGRtVnljM1J2Y21VdlIwaFBkRlpvYWw4d1lsRlNUWE5CUTBGTExVeEJVa1ZsTUc5V1oySndhM2RCUVVGR0ZRSUN5QUVBS0FBWUFCc0JpQWQxYzJWZmIybHNBVEVWQUFBbSUyRk8zS3Y5Q0c5ajhWQWlnQ1F6TXNGMEF2ek16TXpNek5HQkprWVhOb1gySmhjMlZzYVc1bFh6RmZkakVSQUhYb0J3QSUzRCZjY2I9OS00Jm9oPTAwX0FmQkFORzVMWVpucE5BVFBhWkgwZW9KRTBISmlreUtsYlVod3dBSGVZbXdIZVEmb2U9NjYxMjNCMTYmX25jX3NpZD05ODJjYzc=

General

Target

https://external.instastalker.net/aHR0cHM6Ly9zY29udGVudC1sZ2EzLTEuY2RuaW5zdGFncmFtLmNvbS9vMS92L3QxNi9mMS9tNzgvMjI0MjRFNjA0ODFCNzA4MTI0NUFCNzM4NTVBNDZGQkNfdmlkZW9fZGFzaGluaXQubXA0P2VmZz1leUoyWlc1amIyUmxYM1JoWnlJNkluWjBjMTkyYjJSZmRYSnNaMlZ1TG5OMGIzSjVMbU14TGpVM05pNWlZWE5sYkdsdVpTSjkmX25jX2h0PXNjb250ZW50LWxnYTMtMS5jZG5pbnN0YWdyYW0uY29tJl9uY19jYXQ9MTAwJnZzPTE0NTg0MjY5MTEzODU4OTdfMjg3MTAyODYyMyZfbmNfdnM9SEJrc0ZRSVlVV2xuWDNod2RsOXdiR0ZqWlcxbGJuUmZjR1Z5YldGdVpXNTBYM1l5THpJeU5ESTBSVFl3TkRneFFqY3dPREV5TkRWQlFqY3pPRFUxUVRRMlJrSkRYM1pwWkdWdlgyUmhjMmhwYm1sMExtMXdOQlVBQXNnQkFCVUNHRHB3WVhOemRHaHliM1ZuYUY5bGRtVnljM1J2Y21VdlIwaFBkRlpvYWw4d1lsRlNUWE5CUTBGTExVeEJVa1ZsTUc5V1oySndhM2RCUVVGR0ZRSUN5QUVBS0FBWUFCc0JpQWQxYzJWZmIybHNBVEVWQUFBbSUyRk8zS3Y5Q0c5ajhWQWlnQ1F6TXNGMEF2ek16TXpNek5HQkprWVhOb1gySmhjMlZzYVc1bFh6RmZkakVSQUhYb0J3QSUzRCZjY2I9OS00Jm9oPTAwX0FmQkFORzVMWVpucE5BVFBhWkgwZW9KRTBISmlreUtsYlVod3dBSGVZbXdIZVEmb2U9NjYxMjNCMTYmX25jX3NpZD05ODJjYzc=
Sample

240405-x8xjssce56

Score

8^/10

Malware Config

Targets

- Target
  
  https://external.instastalker.net/aHR0cHM6Ly9zY29udGVudC1sZ2EzLTEuY2RuaW5zdGFncmFtLmNvbS9vMS92L3QxNi9mMS9tNzgvMjI0MjRFNjA0ODFCNzA4MTI0NUFCNzM4NTVBNDZGQkNfdmlkZW9fZGFzaGluaXQubXA0P2VmZz1leUoyWlc1amIyUmxYM1JoWnlJNkluWjBjMTkyYjJSZmRYSnNaMlZ1TG5OMGIzSjVMbU14TGpVM05pNWlZWE5sYkdsdVpTSjkmX25jX2h0PXNjb250ZW50LWxnYTMtMS5jZG5pbnN0YWdyYW0uY29tJl9uY19jYXQ9MTAwJnZzPTE0NTg0MjY5MTEzODU4OTdfMjg3MTAyODYyMyZfbmNfdnM9SEJrc0ZRSVlVV2xuWDNod2RsOXdiR0ZqWlcxbGJuUmZjR1Z5YldGdVpXNTBYM1l5THpJeU5ESTBSVFl3TkRneFFqY3dPREV5TkRWQlFqY3pPRFUxUVRRMlJrSkRYM1pwWkdWdlgyUmhjMmhwYm1sMExtMXdOQlVBQXNnQkFCVUNHRHB3WVhOemRHaHliM1ZuYUY5bGRtVnljM1J2Y21VdlIwaFBkRlpvYWw4d1lsRlNUWE5CUTBGTExVeEJVa1ZsTUc5V1oySndhM2RCUVVGR0ZRSUN5QUVBS0FBWUFCc0JpQWQxYzJWZmIybHNBVEVWQUFBbSUyRk8zS3Y5Q0c5ajhWQWlnQ1F6TXNGMEF2ek16TXpNek5HQkprWVhOb1gySmhjMlZzYVc1bFh6RmZkakVSQUhYb0J3QSUzRCZjY2I9OS00Jm9oPTAwX0FmQkFORzVMWVpucE5BVFBhWkgwZW9KRTBISmlreUtsYlVod3dBSGVZbXdIZVEmb2U9NjYxMjNCMTYmX25jX3NpZD05ODJjYzc=
Score

8^/10

discovery evasion trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1