General
Target: Ref_VS650185_28_10_2024.pdf.lnk
Size: 1KB
Sample: 241103-rxcglavrht
MD5: d53df33a543f82f01cd65a969c026f0c
SHA1: 92b8d55b4dccdcdfc076e08dc10e8f878075a4f7
SHA256: a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6
SHA512: a4b62d3d7d9a1f251c6f2fc1eecec006cd32ed5f206990c84c0f1e3ebb6e86564c5042412c6b329e2a6d44bd2232a89add3db92703e3c779110f83105ea0c49e
Static task: static1
Behavioral task: behavioral1
Sample: Ref_VS650185_28_10_2024.pdf.lnk
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Ref_VS650185_28_10_2024.pdf.lnk
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://urban-trek.shop/api/uz/0547131764/Linipute.json
Targets
Target
Ref_VS650185_28_10_2024.pdf.lnk
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Indirect Command Execution: Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.