General
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1233411619078279248/1234166922568929280/CatalystInDev_0.1.zip?ex=664e1184&is=664cc004&hm=ec83d824e06fd1f0661a9a56a855348cc2d266cfc77cf91d21894df10a8b9b90&
Resource
win10v2004-20240508-en
windows10-2004-x64
16 signatures
150 seconds
Malware Config
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1233411619078279248/1234166922568929280/CatalystInDev_0.1.zip?ex=664e1184&is=664cc004&hm=ec83d824e06fd1f0661a9a56a855348cc2d266cfc77cf91d21894df10a8b9b90&
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-