General

  • Target

    InvoicePayment.lnk

  • Size

    2KB

  • Sample

    210115-jktl2mdl4n

  • MD5

    0e2623d2481a945842960b2d96759d32

  • SHA1

    86ad7f3465926187a5243aad50e25e88d8fb716e

  • SHA256

    83bc020498d9001a23acf434ab33346aea54c19fd27040751e2e61c8cd793b51

  • SHA512

    6503c4f1dd32a69c873020b95e36f794bfd1f2f00a14f3f73da5ff9902bce22dabff513ce47348c447cac1e88d82654951865baf4d1f767920308e68c9546c3a

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper: https://www.minpic.de/k/bgmj/168l7q/

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://www.minpic.de/k/bgmi/113snm/

Targets

    • Target

      InvoicePayment.lnk

    • Size

      2KB

    • MD5

      0e2623d2481a945842960b2d96759d32

    • SHA1

      86ad7f3465926187a5243aad50e25e88d8fb716e

    • SHA256

      83bc020498d9001a23acf434ab33346aea54c19fd27040751e2e61c8cd793b51

    • SHA512

      6503c4f1dd32a69c873020b95e36f794bfd1f2f00a14f3f73da5ff9902bce22dabff513ce47348c447cac1e88d82654951865baf4d1f767920308e68c9546c3a

    Score
    10/10

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks