evilnum | 3b7cd07e87902deae4b482e987dea9e25a93a55ec783884e8b466dc55c346bce | Triage

Sharing

General

Target

6363ddf8a20345c0201868b209afbd63_JaffaCakes118
Size

685KB
Sample

240722-qzgcws1crr
MD5

6363ddf8a20345c0201868b209afbd63
SHA1

941727ee9620624f595175468c27f863e3c2bc4a
SHA256

3b7cd07e87902deae4b482e987dea9e25a93a55ec783884e8b466dc55c346bce
SHA512

f885eb46111da748b28b6a78d8e59e8e4f614e66e2e051e7a04d2d857c41513fdf68db77e2ee5319195389d6bd17e08fe5a2b159312e6deff5d157edfe8b2fe4
SSDEEP

12288:TQiqkgLGVRivcLwOtIO1nyhuEBUdw3VTVhUn5n/oGugyJ3Yql:TdqLGnZn1NEBUdwa5ngfg4j

Score

10^/10

evilnum execution trojan

Malware Config

Targets

- Target
  
  6363ddf8a20345c0201868b209afbd63_JaffaCakes118
- Size
  
  685KB
- MD5
  
  6363ddf8a20345c0201868b209afbd63
- SHA1
  
  941727ee9620624f595175468c27f863e3c2bc4a
- SHA256
  
  3b7cd07e87902deae4b482e987dea9e25a93a55ec783884e8b466dc55c346bce
- SHA512
  
  f885eb46111da748b28b6a78d8e59e8e4f614e66e2e051e7a04d2d857c41513fdf68db77e2ee5319195389d6bd17e08fe5a2b159312e6deff5d157edfe8b2fe4
- SSDEEP
  
  12288:TQiqkgLGVRivcLwOtIO1nyhuEBUdw3VTVhUn5n/oGugyJ3Yql:TdqLGnZn1NEBUdwa5ngfg4j
Score

10^/10

evilnum execution trojan
- Evilnum
  A malware family with multiple components distributed through LNK files.
  trojan evilnum
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilnumexecutiontrojan

behavioral2

evilnumexecutiontrojan