Overview

overview

9

Static

static

1

URLScan

urlscan

https://pastebin.com...

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://pastebin.com/VB31uSSx

  • Sample

    241031-srqbya1cqk

Score
9/10
discoveryevasionexploitpersistenceransomware

Malware Config

Targets

    • Target

      https://pastebin.com/VB31uSSx

    Score
    9/10
    discoveryevasionexploitpersistenceransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Possible privilege escalation attempt

      exploit

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks