General

  • Target

    8f76e5544331ee2a956d30ada8368e5f8a4e7cf9eb6184d93960dbb04158183f.rar

  • Size

    1KB

  • Sample

    240709-wqxleayglb

  • MD5

    bad635b20d5369d932c4205aa0ef0dfe

  • SHA1

    ee7da1e90afd57fc849ef6a7f452eb34d9cfbd4c

  • SHA256

    8f76e5544331ee2a956d30ada8368e5f8a4e7cf9eb6184d93960dbb04158183f

  • SHA512

    6cbf15cf672b3feae5813b39a5f158f07c42aaed94278ae64bfd8ed36b8bd569fb1d37ff99826a65852cf1008461c5eb0218137be2c1731e606698af25f2245c

Score
8/10

Targets

    • Target

      Large_Innovation_Project_for_Bhutan.pdf.lnk

    • Size

      4KB

    • MD5

      51565dd3cedcdcf0040a62e31758a525

    • SHA1

      6cb2bd09259ed6683304513e657ab0c6abbda9bd

    • SHA256

      14bbe421abe496531f4c63b16881eee23fb2c92b2938335dca1668206882201a

    • SHA512

      d477a7453eb84d754bf8bae374897bfe8e43e633469d8a97c4ee6d4f53e8435959d0974302cdbdfb0fd8f013f3f1d116a071216291c4a8d6bb4f31ddca680786

    • SSDEEP

      48:8oLuaFkhOUTFIXIoI2PsknQ0iXin+fO/IJAqLbhAqLbluZd0Y9XuHQBqiYLq4:8oLXkOXYtXknQHin+WAKZnYY1um3YLq

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
