General
-
Target
https://www.bing.com/ck/a?!&&p=2627c2e2704b62987146ed74582d902fcc8036c2ffb7eea095e5118d79a447faJmltdHM9MTczNjU1MzYwMA&ptn=3&ver=2&hsh=4&fclid=340493cd-36d8-6301-2ded-8689375c62ea&psq=best+free+da+hood+executor&u=a1aHR0cHM6Ly94ZW5vZXhlY3V0b3Iub3JnLw&ntb=1
-
Sample
250112-ck88ga1mbz
Malware Config
Targets
-
-
Target
https://www.bing.com/ck/a?!&&p=2627c2e2704b62987146ed74582d902fcc8036c2ffb7eea095e5118d79a447faJmltdHM9MTczNjU1MzYwMA&ptn=3&ver=2&hsh=4&fclid=340493cd-36d8-6301-2ded-8689375c62ea&psq=best+free+da+hood+executor&u=a1aHR0cHM6Ly94ZW5vZXhlY3V0b3Iub3JnLw&ntb=1
Score10/10-
Detected google phishing page
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Probable phishing domain
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1Scheduled Task/Job
1Scheduled Task
1Persistence
Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1