General

  • Target

    https://filedm.com/9SPZz

  • Sample

    241112-14h3dssenn

Malware Config

Targets

    • Target

      https://filedm.com/9SPZz

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Probable phishing domain

MITRE ATT&CK Enterprise v15

Tasks