General

  • Target

    https://b6007.chelokipotleam.icu/guest

  • Sample

    241112-sanf1stnfv

Malware Config

Targets

    • Target

      https://b6007.chelokipotleam.icu/guest

    • Downloads MZ/PE file

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks