General

  • Target

    https://github.com/pankoza2-pl/malware

  • Sample

    240615-r4tpfsyalp

Malware Config

Targets

    • Target

      https://github.com/pankoza2-pl/malware

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Defense Evasion

File and Directory Permissions Modification

1
T1222

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Command and Control

Web Service

1
T1102

Tasks