Resubmissions

27/01/2025, 13:58    250127-q9shxasmbr    8

23/01/2025, 14:14    250123-rj4nxstmgj    10

16/01/2025, 16:07    250116-tkw2ksxrd1    8

27/03/2024, 18:24    240327-w2havshg38    10

27/03/2024, 17:45    240327-wbzgfscf3v    8

27/03/2024, 15:03    240327-sfcxgahh5s    8

18/03/2024, 17:58    240318-wkla7afc6w    8

General

  • Target

    https://web1.zixmail.net/s/e?b=ctckids&m=ABA9n4rSb4xOoHey5EX3Ebqp&c=ABARyiBP8l13GUpKpL4QdRtp&em=info%40nrtrc%2eorg

  • Sample

    250123-rj4nxstmgj

Malware Config

Targets

    • Target

      https://web1.zixmail.net/s/e?b=ctckids&m=ABA9n4rSb4xOoHey5EX3Ebqp&c=ABARyiBP8l13GUpKpL4QdRtp&em=info%40nrtrc%2eorg

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks