General

  • Target

    https://drive.google.com/drive/folders/1je7KqLp9zO9hRP3wUtP3EknROHb8jT5C?usp=drive_link****

  • Sample

    240902-xsr95svgpm

Malware Config

Targets

    • Target

      https://drive.google.com/drive/folders/1je7KqLp9zO9hRP3wUtP3EknROHb8jT5C?usp=drive_link****

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.