Overview

overview

10

Static

static

Barclays C...pg.lnk

windows7_x64

10

Barclays C...pg.lnk

windows10-2004_x64

10

Barclays C...pg.lnk

windows7_x64

10

Barclays C...pg.lnk

windows10-2004_x64

10

Barclays U...pg.lnk

windows7_x64

10

Barclays U...pg.lnk

windows10-2004_x64

10

Personal P...pg.lnk

windows7_x64

10

Personal P...pg.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04f1fce5628ec0cff7f616a37d11bb7498974522e5400bb5a2059dd00e0d0100

  • Size

    331KB

  • Sample

    220204-klh2nsgafk

  • MD5

    3fab9cd9a1da290bdf99256c1f51a4e9

  • SHA1

    17e4beb30721f23379e422672786134185e8219c

  • SHA256

    04f1fce5628ec0cff7f616a37d11bb7498974522e5400bb5a2059dd00e0d0100

  • SHA512

    6ea3493b806c43109f05a5929fc11351deb14f4972acd5917538b845fb3c6619a68cfd3f3a21535cebd0adadc59788399cad65dece4380045018d1b53be2906b

Score
10/10
evilnumpersistencetrojan

Malware Config

Targets

    • Target

      Barclays CC Back.jpg.lnk

    • Size

      83KB

    • MD5

      85b2d96080c853c686f0b7b7284896a8

    • SHA1

      db50fc4ea4f6c13fdbcd28ebe2f1cc44a74a83bf

    • SHA256

      24f7995ebb2eeb1b122232fda871acaa0eff9ba52f5dbe5423a0809c5b3d824e

    • SHA512

      9d419fb9406456937e92d57fc1b21f62cac1838082f6059924630edbefb5b568348553658565d59796d97b6078b28827abdb8c3c6eddb36800d0c78dcceff791

    Score
    10/10
    evilnumtrojanpersistence

    • Evilnum

      A malware family with multiple components distributed through LNK files.

      trojanevilnum

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      Barclays CC Front.jpg.lnk

    • Size

      83KB

    • MD5

      42a0e13c97e0aa0867f769b71e378d24

    • SHA1

      c7575dccc6d1a228393e9ac0840a4c10bb4c1fb2

    • SHA256

      bb579920513264854cb4ff08d86eb4ee6c2ade66ca14abd9752320053a1a7028

    • SHA512

      8106fb31144357c1e3ef61c74157ab60e5f81515d6c831347da09aae68c38fcb2cb58ae74758af1f4db32e590abf123c430821d86016191bedcdf579fbc59f0b

    Score
    10/10
    evilnumtrojanpersistence

    • Evilnum

      A malware family with multiple components distributed through LNK files.

      trojanevilnum

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      Barclays Utility.jpg.lnk

    • Size

      95KB

    • MD5

      48e90ca0f344e1a0445936f2d28ae01f

    • SHA1

      ee050a767eaa5227ed40d7a77b7746aea0554ae5

    • SHA256

      18558a236e6dc15447c4683d38d4cd5c65331f2469b95b65342a1dcc5e4999fe

    • SHA512

      2dc34d7e2afb5571bb473c6598315097298b53674321be629443f51c2b0b3dbecfe4b6bfe010801dc36f8e146fed2fd440ee67538bedf4fb0c44fd109d0dc0dc

    Score
    10/10
    evilnumtrojanpersistence

    • Evilnum

      A malware family with multiple components distributed through LNK files.

      trojanevilnum

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

    • Target

      Personal Passport.jpg.lnk

    • Size

      134KB

    • MD5

      25d6eeba718af78275f2c9a4a58cd8b2

    • SHA1

      97820a79fd43f664f553c46dca682bce135b2cc3

    • SHA256

      e7510a4f5a90271f278970a8cb62d116b15ff08884c072ef44e419f896d65237

    • SHA512

      6f213fb85e5f5f37e5f80e94625dfb04df2eb8682df9dffd2b045ac376a8fdd8a5d97f6f8eda8453fea2adbc1799ae0f9247ad09a2baac9d7c9654cdab4d770e

    Score
    10/10
    evilnumtrojanpersistence

    • Evilnum

      A malware family with multiple components distributed through LNK files.

      trojanevilnum

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral7behavioral8

MITRE ATT&CK Enterprise v6

Tasks