General

  • Target

    01878422491a4d13dcf22acf10712bcae73b2b1eacc7775ecca26c65cc462875.zip

  • Size

    417KB

  • Sample

    240706-bcvvfa1ckk

  • MD5

    2105d115e4922ea8cc205a185a042b8b

  • SHA1

    da094dec50706ea6ca48f4ee128063ad2440abd5

  • SHA256

    01878422491a4d13dcf22acf10712bcae73b2b1eacc7775ecca26c65cc462875

  • SHA512

    6430844632172685e79242a0d40a66817c9dfd2cac744c5d6c43956ba0bdc0a8c40ce1e85d3f3a3e193c21bbd66faf18feedccda9ff220ad659505112118b559

  • SSDEEP

    48:9IzQqzFzv+KVcTRzlB9VvOo4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4E4Ek:LKfVil/Vk

Score
8/10

Malware Config

Targets

    • Target

      List of Required items and services/List of Required items and services.lnk

    • Size

      362.4MB

    • MD5

      28e4eea484100de0e40bdf9e1fca6c56

    • SHA1

      f576e0a276de1009256bacf81bc0fb4597b47eba

    • SHA256

      b6580a25ecaa55b3f6c2eb77b6addd0392be804e48e238d74d9df6913108a762

    • SHA512

      e7d5ae5e5d7c37ae6011d9ac1b4ea243533ce26b965c220aefba7e5159aded2b62407ac6abc83a44ba3d9a0390847a3fe44fb20783204a3613f0a15e59edf639

    • SSDEEP

      24:8CpHYVKVW7/CWxpfDN/lrfq/GWB/GP/Gw8+8JmVCEFlhLEIfAxk7Z5:8sabJq/BB/s/mPJJc7Kk

    Score
    8/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks