General

  • Target

    https://ahmedsn-shop.netlify.app/accounts

  • Sample

    241112-1nwcsa1lew

Malware Config

Targets

    • Target

      https://ahmedsn-shop.netlify.app/accounts

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: =@L

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.

MITRE ATT&CK Enterprise v15

Tasks