General

  • Target

    https://zip-store.oss-ap-southeast-1.aliyuncs.com/updated%20file/getup.txt

  • Sample

    241107-zqn6taxqet

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://zip-store.oss-ap-southeast-1.aliyuncs.com/v2-sep-baba.txt

Targets

    • Target

      https://zip-store.oss-ap-southeast-1.aliyuncs.com/updated%20file/getup.txt

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks