General
-
Target
https://drive.google.com/file/d/1dOID2tCsWDWKqb8mLhEeqpPox5neXXbx/view?usp=sharing
-
Sample
240728-h8wvyavemj
Malware Config
Targets
-
-
Target
https://drive.google.com/file/d/1dOID2tCsWDWKqb8mLhEeqpPox5neXXbx/view?usp=sharing
Score8/10-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Network Service Discovery
Attempt to gather information on host's network.
-
Network Share Discovery
Attempt to gather information on host network.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Discovery
Browser Information Discovery
1Network Service Discovery
1Network Share Discovery
1Peripheral Device Discovery
2Query Registry
6Software Discovery
1Security Software Discovery
1System Information Discovery
6System Location Discovery
1System Language Discovery
1