General
Target: Everything.lnk
Size: 1KB
Sample: 240404-qj52bagh3y
MD5: ffecb90132f0cd7ffd44b60679112d17
SHA1: 5d26ce6e9117b53b21790715b4e96bfe96800ba9
SHA256: f9ed936f57c76e511e16579aefbf64ac72484abaa8639701d10243dc4eafddc2
SHA512: 559272f155e5ac339b387314e2922c883b16b9aa96b453ddcee1c5e3a008e34eb91d9968ebadd45364e7c81b8ffaba54f396d5362dfdd22d57673a557ef7b78c
Static task: static1
Behavioral task: behavioral1 (Sample: Everything.lnk; Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: Everything.lnk; Resource: win10v2004-20240226-en)
Malware Config
Targets
Target: Everything.lnk
Score: 8/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2