General

  • Target

    https://drive.google.com/file/d/1RBD8R7H9cVXRxmAa4QApZkyInlgRE1aC/view

  • Sample

    241109-j4abtatnap

Malware Config

Targets

    • Target

      https://drive.google.com/file/d/1RBD8R7H9cVXRxmAa4QApZkyInlgRE1aC/view

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • A potential corporate email address has been identified in the URL: =@L

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.