General
Target: https://cdn.discordapp.com/attachments/1302346711947280454/1305203543678124082/WorldWars_Setup_1.0.0.rar?ex=67337e86&is=67322d06&hm=0bb4a08c141e2ce4ee1d1c221b550d2ebfcd49fb0e4fdae218ad08b2cda3ccb7&
Sample: 241112-aykqxstmgq
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: the target URL listed under General
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: the target URL listed under General
Score: 8/10
Signatures
- Uses browser remote debugging: can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Modify Authentication Process: 1
- Steal Web Session Cookie: 1
- Unsecured Credentials: 1
- Credentials In Files: 1