General

  • Target

    IAmFish54.lnk

  • Size

    1KB

  • Sample

    240505-ltngssee2s

  • MD5

    cb759027726654374fcf34b5f41f1d99

  • SHA1

    30d37ce6e9b6c5f3b67282edf172b1d5bbff93e1

  • SHA256

    9a04873830044046f8ad246d771427476218a15323dd7b90a4d6a4df3cfc2d3f

  • SHA512

    9f0fc3fc3c49d888a7497dc4e591273a374a9a633d2c818002ebd7029a2be707e5f67ec7b76f92bcaa1ddb354f2ce0fd2d14568d64f46ebde190ab2a85071a00

Targets

    • Target

      IAmFish54.lnk

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand Microsoft.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
