Resubmissions
28-10-2024 19:44
241028-yfzzwswbnl 319-09-2024 17:46
240919-wcq7gasarn 314-09-2024 23:25
240914-3egt5sshjc 629-08-2024 08:30
240829-kd8mcs1hph 929-08-2024 08:05
240829-jy9jqashqp 329-08-2024 07:45
240829-jlqabasell 329-08-2024 07:24
240829-h8gq1szblh 329-08-2024 02:45
240829-c8p5hazemc 327-08-2024 21:54
240827-1sjjsatcmf 826-08-2024 22:44
240826-2nwtzs1brm 6General
-
Target
https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM
-
Sample
240827-1sjjsatcmf
Malware Config
Targets
-
-
Target
https://mega.nz/file/8zdVADbQ#zgBChae6OAWDlXIIXvyN2uTShbQUcxQkIfMD9eQhdQM
Score8/10-
Downloads MZ/PE file
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1