Resubmissions

12-12-2024 12:51

241212-p3txqavkby 10

12-12-2024 12:43

241212-pycsmswpgq 8

General

  • Target

    https://github.com/Viper4K/malware/tree/master/MEMZ

  • Sample

    241212-pycsmswpgq

Malware Config

Targets

    • Target

      https://github.com/Viper4K/malware/tree/master/MEMZ

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks