General

  • Target

    Everything.lnk

  • Size

    1KB

  • Sample

    240404-qj52bagh3y

  • MD5

    ffecb90132f0cd7ffd44b60679112d17

  • SHA1

    5d26ce6e9117b53b21790715b4e96bfe96800ba9

  • SHA256

    f9ed936f57c76e511e16579aefbf64ac72484abaa8639701d10243dc4eafddc2

  • SHA512

    559272f155e5ac339b387314e2922c883b16b9aa96b453ddcee1c5e3a008e34eb91d9968ebadd45364e7c81b8ffaba54f396d5362dfdd22d57673a557ef7b78c

Malware Config

Targets

    • Target

      Everything.lnk

    • Size

      1KB

    • MD5

      ffecb90132f0cd7ffd44b60679112d17

    • SHA1

      5d26ce6e9117b53b21790715b4e96bfe96800ba9

    • SHA256

      f9ed936f57c76e511e16579aefbf64ac72484abaa8639701d10243dc4eafddc2

    • SHA512

      559272f155e5ac339b387314e2922c883b16b9aa96b453ddcee1c5e3a008e34eb91d9968ebadd45364e7c81b8ffaba54f396d5362dfdd22d57673a557ef7b78c

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks