General
-
Target
http://mediafire.com/file/svzeru2w709ddfl/cookie.zip/file
-
Sample
240808-yka7bsydjl
Score
8/10
Malware Config
Targets
-
-
Target
http://mediafire.com/file/svzeru2w709ddfl/cookie.zip/file
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Network Service Discovery
Attempt to gather information on host's network.
-
Drops file in System32 directory
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Discovery
Browser Information Discovery
1Network Service Discovery
1Peripheral Device Discovery
2Query Registry
4Software Discovery
1Security Software Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1