General

  • Target

    https://app.powerbi.com/view?r=eyJrIjoiMDM5MDRmOTEtNzMxMi00NzA1LTk1OGUtMWIyNjU1YzI0MzIwIiwidCI6IjJkMTNkMGU4LTI1YjgtNDE2Yi04YzQ1LTVkZDU4MDgzYmVjZCJ9

  • Sample

    240812-x7r8pawcrr

Malware Config

Targets

    • Target

      https://app.powerbi.com/view?r=eyJrIjoiMDM5MDRmOTEtNzMxMi00NzA1LTk1OGUtMWIyNjU1YzI0MzIwIiwidCI6IjJkMTNkMGU4LTI1YjgtNDE2Yi04YzQ1LTVkZDU4MDgzYmVjZCJ9

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Share Discovery

      Attempt to gather information on host network.

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks