hxxps://cdn[.]gilcdn[.]com/ContentMediaGenericFiles/97ae67c92f24b86e55231b388a333ef0-Full[.]rar?w=1&h=1&Expires=1723851283&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9jZG4uZ2lsY2RuLmNvbS8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzIzODUxMjgzfX19XX0_&Signature=bsTetsdepm7zPBKRI6HQCJXXzn8efqxsoGbb6SqyoMB1i7zNm0D1Q-v2BhdPvPZMrmW9DHUkXpFQ~BacOM7QhlZYbR1ycbS8CCR9Py65khAz39WN~16hyaadft~QZ-o7E3x-oPS02RUVSgodf7Dkws1WaMLk9Q0~HGNp-3fe3gu4bhD~BjKRX2uyE~CRLDFRz1jpgfXNGheQLrRccrhj17hTrOVbtUSCGWv-sa9C8BfwFjhgOlqF1sqzJevkaCaDG0eduVbCcBHzgJOq~kzZjKVOvBbLVMNiPM6NL-aFq5Q-xk3LAs-xgf-eBnfSu0yrD9cvMGvuYeBThW5U9lYt1g__&Key-Pair-Id=K1FFKFZRWAZSB

General

Target

https://cdn.gilcdn.com/ContentMediaGenericFiles/97ae67c92f24b86e55231b388a333ef0-Full.rar?w=1&h=1&Expires=1723851283&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9jZG4uZ2lsY2RuLmNvbS8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzIzODUxMjgzfX19XX0_&Signature=bsTetsdepm7zPBKRI6HQCJXXzn8efqxsoGbb6SqyoMB1i7zNm0D1Q-v2BhdPvPZMrmW9DHUkXpFQ~BacOM7QhlZYbR1ycbS8CCR9Py65khAz39WN~16hyaadft~QZ-o7E3x-oPS02RUVSgodf7Dkws1WaMLk9Q0~HGNp-3fe3gu4bhD~BjKRX2uyE~CRLDFRz1jpgfXNGheQLrRccrhj17hTrOVbtUSCGWv-sa9C8BfwFjhgOlqF1sqzJevkaCaDG0eduVbCcBHzgJOq~kzZjKVOvBbLVMNiPM6NL-aFq5Q-xk3LAs-xgf-eBnfSu0yrD9cvMGvuYeBThW5U9lYt1g__&Key-Pair-Id=K1FFKFZRWAZSB
Sample

240816-1s53sazare

Score

9^/10

Malware Config

Targets

- Target
  
  https://cdn.gilcdn.com/ContentMediaGenericFiles/97ae67c92f24b86e55231b388a333ef0-Full.rar?w=1&h=1&Expires=1723851283&Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9jZG4uZ2lsY2RuLmNvbS8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzIzODUxMjgzfX19XX0_&Signature=bsTetsdepm7zPBKRI6HQCJXXzn8efqxsoGbb6SqyoMB1i7zNm0D1Q-v2BhdPvPZMrmW9DHUkXpFQ~BacOM7QhlZYbR1ycbS8CCR9Py65khAz39WN~16hyaadft~QZ-o7E3x-oPS02RUVSgodf7Dkws1WaMLk9Q0~HGNp-3fe3gu4bhD~BjKRX2uyE~CRLDFRz1jpgfXNGheQLrRccrhj17hTrOVbtUSCGWv-sa9C8BfwFjhgOlqF1sqzJevkaCaDG0eduVbCcBHzgJOq~kzZjKVOvBbLVMNiPM6NL-aFq5Q-xk3LAs-xgf-eBnfSu0yrD9cvMGvuYeBThW5U9lYt1g__&Key-Pair-Id=K1FFKFZRWAZSB
Score

9^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Downloads MZ/PE file
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1