Resubmissions
03-12-2024 21:44
241203-1lfvba1ncp 619-10-2024 22:38
241019-2kv4aavgnm 319-08-2024 01:19
240819-bpr93szapm 319-08-2024 00:51
240819-a7mlwavcqg 1019-08-2024 00:48
240819-a5824avcka 619-08-2024 00:44
240819-a3nndavara 1019-08-2024 00:41
240819-a12gfsvaja 719-08-2024 00:39
240819-azr7dsthlh 819-08-2024 00:02
240819-abjkcasema 619-08-2024 00:00
240819-aas3dswaqk 1General
-
Target
https://github.com/Endermanch/MalwareDatabase
-
Sample
240819-a3nndavara
Malware Config
Targets
-
-
Target
https://github.com/Endermanch/MalwareDatabase
Score10/10-
Modifies visibility of file extensions in Explorer
-
UAC bypass
-
Renames multiple (90) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4