0a37332f204930e2f59f4c8ba8cc07ca972135e4d7bcb09e1a33eaad47efeb97 | Triage

Sharing

General

Target

InvoiceandLast 4 Digit CC.lnk
Size

1KB
Sample

240521-eag3cagd35
MD5

37fc383dd527ddd05fffdb60e32289a3
SHA1

a88265fac4df3c33048e0fb556f7add82ae10ad8
SHA256

0a37332f204930e2f59f4c8ba8cc07ca972135e4d7bcb09e1a33eaad47efeb97
SHA512

4265ea4d4b889468bb359058eef325566e8e44dd2d6bfdbf6a5e0573d5ff1cea511961342e11d77c0a317d7372121d008f2e0cb08a6167f5a4d555756758f40c

Score

8^/10

execution

Malware Config

Targets

- Target
  
  InvoiceandLast 4 Digit CC.lnk
- Size
  
  1KB
- MD5
  
  37fc383dd527ddd05fffdb60e32289a3
- SHA1
  
  a88265fac4df3c33048e0fb556f7add82ae10ad8
- SHA256
  
  0a37332f204930e2f59f4c8ba8cc07ca972135e4d7bcb09e1a33eaad47efeb97
- SHA512
  
  4265ea4d4b889468bb359058eef325566e8e44dd2d6bfdbf6a5e0573d5ff1cea511961342e11d77c0a317d7372121d008f2e0cb08a6167f5a4d555756758f40c
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2