Resubmissions

12-08-2024 19:22

240812-x27feswaqp 8

12-08-2024 19:08

240812-xtbnsavflk 9

General

  • Target

    https://cdn.discordapp.com/attachments/1271767857734221844/1271767858141073459/lol.exe?ex=66bb2c9d&is=66b9db1d&hm=6ecb3a274001883d9565202be676f968730be8052a12527b2907a913acb6f806&

  • Sample

    240812-xtbnsavflk

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1271767857734221844/1271767858141073459/lol.exe?ex=66bb2c9d&is=66b9db1d&hm=6ecb3a274001883d9565202be676f968730be8052a12527b2907a913acb6f806&

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand microsoft.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks