Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows11-21h2-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1284475802603491411/1284491094217982014/rkill.exe?ex=66e6d30d&is=66e5818d&hm=1d5f196c5aefe8ee9c5de3dfa220e9895802cbd0a5be33ba705b9211f263cc87&

  • Sample

    240914-ppfsyathjf

Score
8/10
bootkitdefense_evasiondiscoverypersistence

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1284475802603491411/1284491094217982014/rkill.exe?ex=66e6d30d&is=66e5818d&hm=1d5f196c5aefe8ee9c5de3dfa220e9895802cbd0a5be33ba705b9211f263cc87&

    Score
    8/10
    bootkitdefense_evasiondiscoverypersistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks