hxxps://vencord[.]dev/download

General

Target

https://vencord.dev/download
Sample

240725-tl8f1azclp

Score

10^/10

Malware Config

Targets

- Target
  
  https://vencord.dev/download
Score

10^/10

credential_access defense_evasion discovery evasion execution persistence privilege_escalation spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Downloads MZ/PE file
- Modify Registry: Disable Windows Driver Blocklist
  Disable Windows Driver Blocklist via Registry.
  defense_evasion
- Boot or Logon Autostart Execution: LSASS Driver
  Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems.
  persistence credential_access
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Hijack Execution Flow: Executable Installer File Permissions Weakness
  Possible Turn off User Account Control's privilege elevation for standard users.
  defense_evasion persistence privilege_escalation
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1