hxxps://zamcorecruitment-my[.]sharepoint[.]com/[:]b[:]/p/sheldon/EbbKdefnjAlFmnySF-kEKQEBCwGEZ80BiEE-uA5_EeFMbw?e=bxSnJ8&xsdata=MDV8MDJ8b2RpYS5vc2Fkb2xvckB0ZWNobmlwZm1jLmNvbXw2NDk0NTExMzY3NTA0MjIyODUyNDA4ZGM1ZmM2NmI2OXwwODA0Yzk1MTkzYTA0MDVkODBlNGZhODdjNzU1MWQ2YXwwfDB8NjM4NDkwNTUzMDMzMjgwMTUzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=M2RjSllhSXlqZkhwU0p4SXp6R1JvWjNrWjlXTFlQUWtDMTdLUFJuL08xZz0%3d

Sharing

Copy URL

Twitter E-mail

General

Target

https://zamcorecruitment-my.sharepoint.com/:b:/p/sheldon/EbbKdefnjAlFmnySF-kEKQEBCwGEZ80BiEE-uA5_EeFMbw?e=bxSnJ8&xsdata=MDV8MDJ8b2RpYS5vc2Fkb2xvckB0ZWNobmlwZm1jLmNvbXw2NDk0NTExMzY3NTA0MjIyODUyNDA4ZGM1ZmM2NmI2OXwwODA0Yzk1MTkzYTA0MDVkODBlNGZhODdjNzU1MWQ2YXwwfDB8NjM4NDkwNTUzMDMzMjgwMTUzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=M2RjSllhSXlqZkhwU0p4SXp6R1JvWjNrWjlXTFlQUWtDMTdLUFJuL08xZz0%3d
Sample

240418-v2jy1sae22

Score

8^/10

Malware Config

Targets

- Target
  
  https://zamcorecruitment-my.sharepoint.com/:b:/p/sheldon/EbbKdefnjAlFmnySF-kEKQEBCwGEZ80BiEE-uA5_EeFMbw?e=bxSnJ8&xsdata=MDV8MDJ8b2RpYS5vc2Fkb2xvckB0ZWNobmlwZm1jLmNvbXw2NDk0NTExMzY3NTA0MjIyODUyNDA4ZGM1ZmM2NmI2OXwwODA0Yzk1MTkzYTA0MDVkODBlNGZhODdjNzU1MWQ2YXwwfDB8NjM4NDkwNTUzMDMzMjgwMTUzfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=M2RjSllhSXlqZkhwU0p4SXp6R1JvWjNrWjlXTFlQUWtDMTdLUFJuL08xZz0%3d
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Reads CPU attributes
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3

behavioral4