Resubmissions

17-12-2024 02:08

241217-ck2hmaxrgk 10

16-12-2024 01:58

241216-cdtt7sxqhs 8

16-12-2024 01:44

241216-b517xsxmes 3

16-12-2024 01:41

241216-b4dp8syqej 3

16-12-2024 01:28

241216-bvm8bawrfz 10

16-12-2024 01:13

241216-blhw8swnas 5

15-12-2024 20:09

241215-yxkarsxkdn 7

General

  • Target

    http://noescape.exe

  • Sample

    241216-cdtt7sxqhs

Malware Config

Targets

    • Target

      http://noescape.exe

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Enterprise v15

Tasks