Overview

overview

8

Static

static

8

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

7

Resubmissions

30-06-2024 23:55

240630-3ywgmsshkl 8

30-06-2024 23:54

240630-3x7hhssgrn 8

30-06-2024 23:51

240630-3wcxhszble 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.mediafire.com/file/wk98v3qh6lbyuz9/Lightcord.rar/file<@&1243196051440013332>

  • Sample

    240630-3ywgmsshkl

Score
8/10
phishingspywarestealer

Malware Config

Targets

    • Target

      https://www.mediafire.com/file/wk98v3qh6lbyuz9/Lightcord.rar/file<@&1243196051440013332>

    Score
    7/10
    spywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks