General

  • Target

    https://objects.githubusercontent.com/github-production-release-asset-2e65be/468282768/b805d0b6-8973-4fa6-8b5e-c37af2075037?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241030%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241030T152032Z&X-Amz-Expires=300&X-Amz-Signature=2b300efe882f55895b03a6680744bea23a878ae590b4481cd42cb67d3f163a13&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTrafficerMC-3.1-windows-x64.exe&response-content-type=application%2Foctet-stream

  • Sample

    241030-ssx36sxngr

Malware Config

Targets

    • Target

      https://objects.githubusercontent.com/github-production-release-asset-2e65be/468282768/b805d0b6-8973-4fa6-8b5e-c37af2075037?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241030%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241030T152032Z&X-Amz-Expires=300&X-Amz-Signature=2b300efe882f55895b03a6680744bea23a878ae590b4481cd42cb67d3f163a13&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DTrafficerMC-3.1-windows-x64.exe&response-content-type=application%2Foctet-stream

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks