Resubmissions

25-06-2024 22:21

240625-196ewazbln 10

23-06-2024 21:43

240623-1k776sxanr 4

General

  • Target

    https://sussylink.netlify.app/

  • Sample

    240625-196ewazbln

Malware Config

Targets

    • Target

      https://sussylink.netlify.app/

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks