Resubmissions

21-08-2024 10:10

240821-l7gw6sseme 7

21-08-2024 10:05

240821-l4my1swdkq 8

General

  • Target

    https://mega.nz/file/XhQmEbTZ#6141Nn8kw_GYKHDaw1LjqkfANFxPVTH40EDlCV0Y_58

  • Sample

    240821-l4my1swdkq

Malware Config

Targets

    • Target

      https://mega.nz/file/XhQmEbTZ#6141Nn8kw_GYKHDaw1LjqkfANFxPVTH40EDlCV0Y_58

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Blocklisted process makes network request

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Network Service Discovery

      Attempt to gather information on host's network.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.