11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18 | Triage

Sharing

General

Target

11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18.lnk
Size

292.5MB
Sample

241119-qnwnfaxcpk
MD5

725f2f61dadde4dd4ea0c4ad8666cd2a
SHA1

5b87ffd40088e98e37d889ed0ca08ff237440a1b
SHA256

11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18
SHA512

611d66b543d7a86b98778b99db429b3998afa9f4b0a7b744f5ec1fb3e3180653fe13e0ef6f8d75e09e7309f6aac0a9aa76a6c27486b0ad836fd98e24c5b5e977
SSDEEP

12288:4kz23N5x1aD1vsNcccVFpZxhASzeql05TjeKR3ePe/:/65x1aRi3CfPvl0FjeHm/

Score

7^/10

defense_evasion

Malware Config

Targets

- Target
  
  11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18.lnk
- Size
  
  292.5MB
- MD5
  
  725f2f61dadde4dd4ea0c4ad8666cd2a
- SHA1
  
  5b87ffd40088e98e37d889ed0ca08ff237440a1b
- SHA256
  
  11a16f65bc93892eb674e05389f126eb10b8f5502998aa24b5c1984b415f9d18
- SHA512
  
  611d66b543d7a86b98778b99db429b3998afa9f4b0a7b744f5ec1fb3e3180653fe13e0ef6f8d75e09e7309f6aac0a9aa76a6c27486b0ad836fd98e24c5b5e977
- SSDEEP
  
  12288:4kz23N5x1aD1vsNcccVFpZxhASzeql05TjeKR3ePe/:/65x1aRi3CfPvl0FjeHm/
Score

7^/10

defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion

behavioral2

defense_evasion