General
-
Target
https://discord.gg/pg3d
-
Sample
241114-zd347ssgqj
Score
8/10
Malware Config
Targets
-
-
Target
https://discord.gg/pg3d
Score8/10-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Mark of the Web detected: This indicates that the page was originally saved or cloned.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Detected potential entity reuse from brand MICROSOFT.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1Discovery
Browser Information Discovery
1Peripheral Device Discovery
1Query Registry
3Remote System Discovery
1System Information Discovery
2System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1