evilnum | db5d09edc2e9676a41f26f5f4310df9d13abdae8011b1d37af7139008362d5f1 | Triage

Sharing

General

Target

aad36ffbe3fc85f853751f4329a346e9_JaffaCakes118
Size

685KB
Sample

240819-nkgzrs1fkc
MD5

aad36ffbe3fc85f853751f4329a346e9
SHA1

fd443a1f4dfaa6ad38f0581f58ab38a0b0478770
SHA256

db5d09edc2e9676a41f26f5f4310df9d13abdae8011b1d37af7139008362d5f1
SHA512

430d00f4bc9f6fa18bd257d90deca104752c5a45fdcb4e54eb5a8d08de2daab43a205c0fea57da93fea6d444106534311f44c734f7b396c2c7ad53c74d3a11b1
SSDEEP

12288:cQiqkgLGVRivcLwOtIO1nyhuEBUdw3VTVhUnpn/oGugkCA:cdqLGnZn1NEBUdwapngfgkCA

Score

10^/10

evilnum execution trojan

Malware Config

Targets

- Target
  
  aad36ffbe3fc85f853751f4329a346e9_JaffaCakes118
- Size
  
  685KB
- MD5
  
  aad36ffbe3fc85f853751f4329a346e9
- SHA1
  
  fd443a1f4dfaa6ad38f0581f58ab38a0b0478770
- SHA256
  
  db5d09edc2e9676a41f26f5f4310df9d13abdae8011b1d37af7139008362d5f1
- SHA512
  
  430d00f4bc9f6fa18bd257d90deca104752c5a45fdcb4e54eb5a8d08de2daab43a205c0fea57da93fea6d444106534311f44c734f7b396c2c7ad53c74d3a11b1
- SSDEEP
  
  12288:cQiqkgLGVRivcLwOtIO1nyhuEBUdw3VTVhUnpn/oGugkCA:cdqLGnZn1NEBUdwapngfgkCA
Score

10^/10

evilnum execution trojan
- Evilnum
  A malware family with multiple components distributed through LNK files.
  trojan evilnum
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evilnumexecutiontrojan

behavioral2

evilnumexecutiontrojan