General

  • Target

    https://winderbox.pl/

  • Sample

    240608-rfa77scc7v

Malware Config

Targets

    • Target

      https://winderbox.pl/

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks