Resubmissions
17-09-2024 16:20
240917-ttcpasscrd 417-09-2024 16:08
240917-tlmjja1hrf 617-09-2024 16:03
240917-the1aa1gnc 1017-09-2024 15:53
240917-tbyh2s1fpm 817-09-2024 15:46
240917-s738qs1dqn 1016-09-2024 16:27
240916-tx94zaxgjm 316-09-2024 16:00
240916-tfqc8swerd 1016-09-2024 15:57
240916-td4svawflr 629-08-2024 23:57
240829-3zs3xazamm 3General
-
Target
https://valkyrieofficial.vercel.app/
-
Sample
240916-tfqc8swerd
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://valkyrieofficial.vercel.app/
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
https://valkyrieofficial.vercel.app/
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Downloads MZ/PE file
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1File and Directory Permissions Modification
1Pre-OS Boot
1Bootkit
1