General

  • Target

    QUICKBOOKS.zip

  • Size

    8.0MB

  • Sample

    240819-2pgfpazdpe

  • MD5

    1bac4843ca6c0a592d8455035dfa2955

  • SHA1

    50c50c250668b37f343f00d15ec3a5a6d81da40a

  • SHA256

    207dfcfb07297a63c4af64bb6749a9e8d06906ddb88cdf3773ee9c09ca439e0e

  • SHA512

    cb3a949db964a70d656821bfa8eabb83e17cf9e5cf17eb85135b3dcd5e8658f519bacbbfd210aab79aed088081ec8cc3fd34fc2880fd5dadab127d9f7842612a

  • SSDEEP

    196608:l58tTe+JRdEyqvIsOseRPzlZPGIK78OPtkqXib5XFx:l5ee+JvEyiIsZkhMZSb5Vx

  • Score

    8/10

Malware Config

Targets

    • Target

      ELWE SKIN INC/Password and Notes.txt.lnk

    • Size

      2KB

    • MD5

      0c56665535bf508bc3159fd6c6bcdea1

    • SHA1

      c0db5d014f63289d7b14404833a3d588cb9bf442

    • SHA256

      c64b94c45f1c1ad501489f156e1ef79b407f0c464867ce6d400740f32ab91f1f

    • SHA512

      f33e183897d9d51636fbf1c1942686c67853be9ca0d8607a55d5588d42cd3bbf03dcca64088efb1e8563b0960d55ab11ece81e0ccdd31535f5f6d52c3a75e463

    • Score

      8/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks