6ca60e2c028afc8d8ae3209646b643aa1ae9694a3a652529afac6141c5d117ac

Sharing

Copy URL

Twitter E-mail

General

Target

7a4a32b57bb087f3bfe0a640bd068108abb8ffe846f9fd2b5718774fc725efe3.lnk.zip
Size

547KB
Sample

240308-s57hdabf4y
MD5

d9c6cc1064b272240b3742cd81ef516d
SHA1

b20644b0983dab09fa26013c3fc2cfc8558849f5
SHA256

6ca60e2c028afc8d8ae3209646b643aa1ae9694a3a652529afac6141c5d117ac
SHA512

45ddb8e717ec27c08647e14e289cb272cd5df3f147006be2bd4b37f347a25803ec2afbbecca75a227333ad5e26aa69ede27647a9cb123a95e5b9802eb5b71675
SSDEEP

3072:KW/qs1Tl6h9ygidLRkbeL3b19kZFTvbztLpTC:x1q9ygiJR6ib19kzztdm

Score

10^/10

persistence

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://goosess.com/read/get.php?wc=iew&vf=lk0100

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/list.php?f=AYFLYVMK.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/upload.php

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://stuckss.com/list.php?f=UMLCWGSL.txt

Targets

- Target
  
  7a4a32b57bb087f3bfe0a640bd068108abb8ffe846f9fd2b5718774fc725efe3.lnk
- Size
  
  367.0MB
- MD5
  
  655893b1641565f8ea04da4d74116b8a
- SHA1
  
  ca5be2d5e6466b5726a3ada88bb9116247493501
- SHA256
  
  7a4a32b57bb087f3bfe0a640bd068108abb8ffe846f9fd2b5718774fc725efe3
- SHA512
  
  6efb7755be4ec4a4ec44e9392e8111c26c15d6b31b5f3f7775125b28cc144045271fd6463a83b2679b6fddd299cb4339517c642f0cc5d54733ba83362e30b540
- SSDEEP
  
  3072:uRrGHfOpcF/hptrdL3MbeL3b19yZFTvbzKObT01:HnrJ3Sib19yzzKZ
Score

10^/10

persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Deletes itself

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2