Resubmissions

15-04-2024 18:14    240415-wvnjasfb8z    1
15-04-2024 15:31    240415-sx2l6ahh24    1
15-04-2024 15:27    240415-sv1l3shg66    7
15-04-2024 15:20    240415-sqpzsahf64    6
15-04-2024 15:13    240415-sl87vsbg3w    1
15-04-2024 15:08    240415-shx1eshe22    1
15-04-2024 14:26    240415-rrt5fsge93    8
15-04-2024 14:26    240415-rrt5fsge92    4
15-04-2024 14:26    240415-rrttpage89    1
15-04-2024 14:20    240415-rnn42aaf4w    8

General

  • Target

    https://tria.ge/dashboard

  • Sample

    240415-rnn42aaf4w

Malware Config

Targets

    • Target

      https://tria.ge/dashboard

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
