Overview

overview

10

Static

static

24f7995ebb...4e.lnk

windows7_x64

10

24f7995ebb...4e.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24f7995ebb2eeb1b122232fda871acaa0eff9ba52f5dbe5423a0809c5b3d824e

  • Size

    83KB

  • Sample

    220204-kfrfvsfgh3

  • MD5

    85b2d96080c853c686f0b7b7284896a8

  • SHA1

    db50fc4ea4f6c13fdbcd28ebe2f1cc44a74a83bf

  • SHA256

    24f7995ebb2eeb1b122232fda871acaa0eff9ba52f5dbe5423a0809c5b3d824e

  • SHA512

    9d419fb9406456937e92d57fc1b21f62cac1838082f6059924630edbefb5b568348553658565d59796d97b6078b28827abdb8c3c6eddb36800d0c78dcceff791

Score
10/10
evilnumpersistencetrojan

Malware Config

Targets

    • Target

      24f7995ebb2eeb1b122232fda871acaa0eff9ba52f5dbe5423a0809c5b3d824e

    • Size

      83KB

    • MD5

      85b2d96080c853c686f0b7b7284896a8

    • SHA1

      db50fc4ea4f6c13fdbcd28ebe2f1cc44a74a83bf

    • SHA256

      24f7995ebb2eeb1b122232fda871acaa0eff9ba52f5dbe5423a0809c5b3d824e

    • SHA512

      9d419fb9406456937e92d57fc1b21f62cac1838082f6059924630edbefb5b568348553658565d59796d97b6078b28827abdb8c3c6eddb36800d0c78dcceff791

    Score
    10/10
    evilnumtrojanpersistence

    • Evilnum

      A malware family with multiple components distributed through LNK files.

      trojanevilnum

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks