General
-
Target
IAmFish54.lnk
-
Size
1KB
-
Sample
240505-ltngssee2s
-
MD5
cb759027726654374fcf34b5f41f1d99
-
SHA1
30d37ce6e9b6c5f3b67282edf172b1d5bbff93e1
-
SHA256
9a04873830044046f8ad246d771427476218a15323dd7b90a4d6a4df3cfc2d3f
-
SHA512
9f0fc3fc3c49d888a7497dc4e591273a374a9a633d2c818002ebd7029a2be707e5f67ec7b76f92bcaa1ddb354f2ce0fd2d14568d64f46ebde190ab2a85071a00
Static task
static1
Behavioral task
behavioral1
Sample
IAmFish54.lnk
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
IAmFish54.lnk
-
Size
1KB
-
MD5
cb759027726654374fcf34b5f41f1d99
-
SHA1
30d37ce6e9b6c5f3b67282edf172b1d5bbff93e1
-
SHA256
9a04873830044046f8ad246d771427476218a15323dd7b90a4d6a4df3cfc2d3f
-
SHA512
9f0fc3fc3c49d888a7497dc4e591273a374a9a633d2c818002ebd7029a2be707e5f67ec7b76f92bcaa1ddb354f2ce0fd2d14568d64f46ebde190ab2a85071a00
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-