Resubmissions
29-04-2024 08:42  240429-kma3fseh51  10
28-04-2024 12:51  240428-p3kdaagb82  6
28-04-2024 12:50  240428-p3c9zagb79  1
28-04-2024 12:50  240428-p2xxzsge81  1
27-04-2024 12:26  240427-pmpcasba9v  10
25-04-2024 15:48  240425-s8x34scc35  10
24-04-2024 16:46  240424-t97jlsdd7t  10
24-04-2024 12:25  240424-pllj1shg8y  10
23-04-2024 15:49  240423-s9tgbahf57  10
23-04-2024 10:17  240423-mbcg9afd94  1
General
Target
https://bing.com
Sample
240424-pllj1shg8y
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://bing.com
Resource
win10-20240404-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1222934891348623510/Ub0_FbG3n0ymoXEKwmmY5ar0ton3_3ECZSk0sxZj-lzMJrHgzr3xj2_TYpRvWzGv4yBM
Targets
Target
https://bing.com
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
Stops running service(s)
Executes dropped EXE
Accesses Microsoft Outlook profiles
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
ATT&CK v13
Persistence
Create or Modify System Process: 2
  Windows Service: 2
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 2
  Windows Service: 2
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1