Resubmissions
13-12-2024 13:42
241213-qzv62szngy 1012-12-2024 18:20
241212-wytvgssnay 812-12-2024 17:47
241212-wcwrys1qg1 712-12-2024 17:04
241212-vldr3aspck 812-12-2024 16:25
241212-txbw6szkhx 811-12-2024 19:44
241211-yfvp6swkhv 809-12-2024 19:12
241209-xwm5laxpbt 809-12-2024 17:25
241209-vzfhtavngv 309-12-2024 13:30
241209-qsbh3atnfp 308-12-2024 20:49
241208-zl1n2stqas 8General
-
Target
https://158.69.36.15/files/estrouvinhar.js
-
Sample
241209-xwm5laxpbt
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://158.69.36.15/files/estrouvinhar.js
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
https://158.69.36.15/files/estrouvinhar.js
-
Blocklisted process makes network request
-
Creates new service(s)
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
A potential corporate email address has been identified in the URL: [email protected]
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1JavaScript
1System Services
2Service Execution
2Defense Evasion
Impair Defenses
1Modify Registry
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1