d7b278d20f47203da07c33f646844e74cb690ed802f2ba27a74e216368df7db9 | Triage

Sharing

General

Target

186523.pdf.lnk.bin
Size

3KB
Sample

240919-geffestenl
MD5

7007778e4e8c98c94d20b0243b7743f1
SHA1

c771ee88e3951e337a26ebfdcfc1218d414dbdad
SHA256

d7b278d20f47203da07c33f646844e74cb690ed802f2ba27a74e216368df7db9
SHA512

25f21b662a55b64818b70d593b680bd3e1e05dbf0ee018cbd3912327006e0d5334df5552e9e469afe01797c3e00fc4c65aefbe45bce943d1944642babee87fcf

Score

8^/10

Malware Config

Targets

- Target
  
  186523.pdf.lnk.bin
- Size
  
  3KB
- MD5
  
  7007778e4e8c98c94d20b0243b7743f1
- SHA1
  
  c771ee88e3951e337a26ebfdcfc1218d414dbdad
- SHA256
  
  d7b278d20f47203da07c33f646844e74cb690ed802f2ba27a74e216368df7db9
- SHA512
  
  25f21b662a55b64818b70d593b680bd3e1e05dbf0ee018cbd3912327006e0d5334df5552e9e469afe01797c3e00fc4c65aefbe45bce943d1944642babee87fcf
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2