General

  • Target

    https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-46W046169Y820570F%2FU-0HD129478M486723X%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=RqRa4FNeM-YRhJNtD5CEe1w-U-GKMqe9qvtOZw&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-46W046169Y820570F%2FU-0HD129478M486723X%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DRqRa4FNeM-YRhJNtD5CEe1w-U-GKMqe9qvtOZw%22%7D%7D&flowContextData=eCs00SMQg-7DY6fUfeK7SXph2c-eO973VAJZMZ2lF5TpExpLo5ow_Enm3u9fbIbmaBmgSoZKvXzSIaBwkYZ05HYCy4TvDEoKxbuWvT_Ezxz1BCN82PSOwwz0THRT5hlisU4b9eJB7oXdGE-cqrYpSlFuaqmL_dgitGlYR8El1TCC3AIOpGhBf_PQUGEfGisctKN1chAOT1DdyB7lvGoTRSU_4zQmCGJwInYzCNYk6BXgHGuu5USYTir8khSBtf85uildu2ZRDe4Ddqo-kO7JG-gUizBMykJGVEjHvfnsESIx7LYDFW4A8AVJDiNV-KkdVMOUc4S27eV4uQeMbLOiB9uQhkKOx6FCD9OZm0iLJMUpkOlZRcIdOB9fzwZq_yzX8bahI__gOZtEHpUewFQxnvmS3iK4IgCWRlnPZB0aDR7Q5vBbjN9ZkboOy1WyPYQXQaJEd4kmsqbRP67mJThrIXT0YPhCBMQIojiTiH4lSlHk5tOl9pMT_wsPU4IEEXW6_laR_tdwckvkQsJBuod1Spp6mT241tEFhWdjCux7uUjuCR4Z9A2g7wa7MTy&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=3583acda-acd8-11ef-8b1e-7d231ea39775&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=3583acda-acd8-11ef-8b1e-7d231ea39775&calc=f35732450afb5&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin

  • Sample

    241209-rnwh4svphk

Malware Config

MITRE ATT&CK Enterprise v15

Tasks