General

  • Target

    https://github.com/ytisf/theZoo/tree/master/malware/Binaries

  • Sample

    250516-attg9svjw9

Malware Config

Targets

    • Target

      https://github.com/ytisf/theZoo/tree/master/malware/Binaries

    • Renames multiple (4276) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16

Tasks