General
Target: Instruction_1921_W9COI.pdf.lnk.zip
Size: 1KB
Sample: 241112-1wltbasdlk
MD5: 8c5a22c9d713451e7df6ffe0055efa7d
SHA1: c5b0bf47952dcea6364078b02e6963444979a02e
SHA256: 71a7d558b6dc215728e20ac4320ed6b26dafa9a3656558f53fa0ef5f1e79f3c7
SHA512: 9002334ca70918e8ec89a4686d2534841ba0ebfc150f0c93a77e5e7b75e5ea220858c7168dca205027e5529e194e3491bf46632a4d0126a54a62091a55bf7bf3
Static task: static1

Behavioral task: behavioral1
Sample: Instruction_1921_W9COI.pdf.lnk
Resource: win10ltsc2021-20241023-en

Behavioral task: behavioral2
Sample: Instruction_1921_W9COI.pdf.lnk
Resource: win11-20241007-en

Malware Config
Extracted: https://rt2kl9.vibrant-minds.shop/api/reg/BaristaBagging.json

Targets
Target: Instruction_1921_W9COI.pdf.lnk.bin
Size: 2KB
MD5: a6aa04067a00840bd40f5cbbd551800d
SHA1: 1bf1b4d609f1b0001edf2785189410021dec912c
SHA256: bf198d170af6f42fc1c94b154002a0b4e99c1dded83b86902a52bd82d2a382ab
SHA512: 04181ed58817288cae7fca9e634a117c8acde7f5e16bb5b294f8aca4303b69e1245583a30a5447252e763d4633bcfc70c5879ea8e8ae5cf25d622352b8f44591
Score: 10/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Indirect Command Execution
Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.