Overview

overview

8

Static

static

1

URLScan

urlscan

https://mega.nz/fold...

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://mega.nz/folder/PN4TWQAD#fOnISnpBOgXCyzcvJsrlhA

  • Sample

    241023-wy896stdqh

Score
8/10
defense_evasiondiscoveryevasionpersistence

Malware Config

Targets

    • Target

      https://mega.nz/folder/PN4TWQAD#fOnISnpBOgXCyzcvJsrlhA

    Score
    8/10
    defense_evasiondiscoveryevasionpersistence

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks