Overview

overview

9

Static

static

1

URLScan

urlscan

https://files.catbox...

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://files.catbox.moe/c95482.rar

  • Sample

    240522-at563aeg63

Score
9/10
evasionexecutionpersistence

Malware Config

Targets

    • Target

      https://files.catbox.moe/c95482.rar

    Score
    9/10
    evasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Looks for VirtualBox drivers on disk

      evasion

    • Looks for VirtualBox executables on disk

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Downloads MZ/PE file

    • Looks for VMWare drivers on disk

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks