General

  • Target

    http://a.directfiledl.com/getfile?id=55916315&s=B7EB7C67

  • Sample

    241114-fbcdxsvdqq

Malware Config

Targets

    • Target

      http://a.directfiledl.com/getfile?id=55916315&s=B7EB7C67

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Enterprise v15

Tasks