General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
-
Sample
240427-yge14sfa47
Malware Config
Targets
-
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies WinLogon for persistence
-
Downloads MZ/PE file
-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Modifies AppInit DLL entries
-
Modifies Installed Components in the registry
-
Registers new Print Monitor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Drops desktop.ini file(s)
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Legitimate hosting services abused for malware hosting/C2
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Modifies WinLogon
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
4Winlogon Helper DLL
2Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
6Registry Run Keys / Startup Folder
4Winlogon Helper DLL
2Defense Evasion
Modify Registry
12Subvert Trust Controls
1SIP and Trust Provider Hijacking
1