General

  • Target

    c1353073bc0cf85d9beee323ff38eb4a.zip

  • Size

    838B

  • Sample

    241018-kczytsxala

  • MD5

    c1353073bc0cf85d9beee323ff38eb4a

  • SHA1

    997a51f6ce1051429afcb7cf8e907c8042b3458d

  • SHA256

    4074033bfc86388adc42f512390ed34780bbe88990f05dc455d38db8e4844143

  • SHA512

    6947ef54f4969caa594c5c0fb67514e11a3093e2cebeda45c70846b6fd158af0b0c68909b52c60e7296764f068d6bafcd4d69a86163a0e19735fd506483b577f

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://scd1.ddns.net/lnkld

Targets

    • Target

      Facturas-CmzsbC.lnk

    • Size

      2KB

    • MD5

      f3aeed8d467500667a90cfb4b14f39b4

    • SHA1

      21c0dfa08ce3ca1cfd8197d7b22b20f96fca6652

    • SHA256

      b5a0b23cd362b023f0c09ab5915e489ab3ce31a7e6fc139f8f6a74d9857fd941

    • SHA512

      5574e1008cea57249126c3a365dc410cd8f09b43b81ec7fe2127b3ed0e5df424ada43c9fe9f2aea17cb8f14cc614d3390e1a8f12493273592cafa55a118f526e

    Score
    10/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.
