General

  • Target

    https://cdn.discordapp.com/ephemeral-attachments/1275613666225557524/1277159644758016000/6689B734CAAD.exe?ex=66cc271b&is=66cad59b&hm=c0aa2dc0f1378575e02cb41475bcfdf521b2d9a89bdb3ebd5a700964225f7231&

  • Sample

    240825-hqya2sseqm

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/ephemeral-attachments/1275613666225557524/1277159644758016000/6689B734CAAD.exe?ex=66cc271b&is=66cad59b&hm=c0aa2dc0f1378575e02cb41475bcfdf521b2d9a89bdb3ebd5a700964225f7231&

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks