Resubmissions

09/05/2024, 10:33

240509-mlsl8afg37 6

09/05/2024, 10:31

240509-mkec7sff85 6

09/05/2024, 10:30

240509-mj4xgada4t 6

09/05/2024, 10:25

240509-mgbsxafe78 10

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

  • Sample

    240509-mgbsxafe78

Malware Config

Targets

    • Target

      https://github.com/Endermanch/MalwareDatabase

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (85) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks