Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/E...

windows10-2004-x64

Resubmissions

10-12-2024 16:09

241210-tl51wazlb1 10

10-12-2024 16:09

241210-tlwr7szlay 3

10-12-2024 16:06

241210-tj97tazkfz 7

10-12-2024 16:05

241210-tjx79azkfs 3

09-12-2024 15:24

241209-stjxyaskds 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/Endermanch/MalwareDatabase

  • Sample

    241209-stjxyaskds

Score
10/10
bootkitdiscoveryevasionpersistencephishingtrojanupx

Malware Config

Targets

    • Target

      https://github.com/Endermanch/MalwareDatabase

    Score
    10/10
    bootkitdiscoveryevasionpersistencephishingtrojanupx

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks