Resubmissions

  • 04/11/2024, 04:27    241104-e25mqathmj    6

  • 04/11/2024, 04:21    241104-eyr78atgmr    10

  • 04/11/2024, 04:03    241104-empyqataqg    8

General

  • Target

    http://tiktok.com

  • Sample

    241104-empyqataqg

Malware Config

Targets

    • Target

      http://tiktok.com

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Boot or Logon Autostart Execution: Print Processors

      Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.

MITRE ATT&CK Enterprise v15

Tasks