Resubmissions

16-10-2024 18:15

241016-wvx3qstgma 8

16-10-2024 18:11

241016-wstyasxgqk 8

16-10-2024 18:09

241016-wrkcgatenh 8

16-10-2024 18:05

241016-wpb83sxfjl 8

16-10-2024 18:04

241016-wnvc9stdkb 4

General

  • Target

    https://dashboard.blooket.com/my-sets

  • Sample

    241016-wvx3qstgma

Malware Config

Targets

    • Target

      https://dashboard.blooket.com/my-sets

    • Downloads MZ/PE file

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks