General

  • Target

    http://

  • Sample

    240523-mwpy3sdf3x

Malware Config

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Modifies visiblity of hidden/system files in Explorer

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Modifies Installed Components in the registry

    • Registers new Print Monitor

    • Sets file execution options in registry

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks