hxxps://archive[.]org/details/malware-pack-2 | Triage

Resubmissions

06/07/2024, 19:34

240706-yaglcs1emn 10

06/07/2024, 19:29

240706-x7jasa1drl 10

06/07/2024, 19:22

240706-x29wjs1dmq 8

Sharing

General

Target

https://archive.org/details/malware-pack-2
Sample

240706-x7jasa1drl

Score

10^/10

evasion persistence trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://93.115.82.248/?0=1&1=1&2=9&3=i&4=9200&5=1&6=1111&7=sdkrocqnop

Targets

- Target
  
  https://archive.org/details/malware-pack-2
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

evasionpersistencetrojan