Overview

overview

10

Static

static

samples/As...cx.lnk

windows7_x64

10

samples/As...cx.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/IM...pg.lnk

windows7_x64

10

samples/IM...pg.lnk

windows10-2004_x64

10

samples/Im...pg.lnk

windows7_x64

10

samples/Im...pg.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1af2c8d963b56512e04a7f2136b3794f4172ae089e72880119e6bcdba4e9df9c

  • Size

    695KB

  • Sample

    220322-pth4vsfah3

  • MD5

    25e76e7b8fd0132f44d1ef708d0ed023

  • SHA1

    7346c14c42da80ccdfcb210aaac8ecd861b5511a

  • SHA256

    1af2c8d963b56512e04a7f2136b3794f4172ae089e72880119e6bcdba4e9df9c

  • SHA512

    1b0d2154449bdf4d7b362d8c17f9c6cf4e424b36825111ae1d2c955ad27bd5cf218e280747c4c3f6bbf66705b8eff262213a35c5590273b9d4cf1280e9357a1f

Score
10/10
persistence

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://www.inapharma.in/css/files/docs/Assignment-Covid-19/css

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/awanda/http/

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image1

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image2

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image3

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image4

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image5

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image6

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image7

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Radhika-Images/Image8

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20201220_211940

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20210111_125841

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20210603_122317

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20210603_122331

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20210628_105339

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Sunakshi/IMG_20210628_160548

Extracted

Language
hta
Source
URLs
hta.dropper

https://inapharma.in/css/files/photos/Bn-Offrs-Album/Image-8646-ZP

Targets

    • Target

      samples/Assignment-Covid-19.docx.lnk

    • Size

      441KB

    • MD5

      46a0ed16f446c9d5c948c0df1913760a

    • SHA1

      2bda2bb80eb79574eecff90ebcc8579e29f310b9

    • SHA256

      2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83

    • SHA512

      a888521af25310f40074230056d14e2f73725e34b1b364ff751220bce5ef22a4fdc52ea83f1b7a0c17a8b94c7c4cb714bfbfbe02ee9c7c8ed6b358adf3f7921c

    Score
    10/10
    persistence

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      samples/IMG20100510171450.jpg.lnk

    • Size

      1KB

    • MD5

      9eae344a255251254eb236a5b87b5790

    • SHA1

      72c8a2c84598ed2b394635ed36a253edf46a8f44

    • SHA256

      b55cd403d53f483d55f015e8fb884cc203f93af81b0ef6de9e1809647a17478f

    • SHA512

      e12e47eda16b5c1e0d115af95f5e6ee82718ba1f1b2650a5cd0add92cefe97050d16b799c283050fce456cbbf828bbf29cdcddddad4c90ae141b9e08ba51bb4a

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      samples/IMG20100510223001.jpg.lnk

    • Size

      1KB

    • MD5

      cf6a968486a4215213c137536a6b5838

    • SHA1

      78821673dca4dd90b71e64aa61e40e010f07a22b

    • SHA256

      41350960c79e404fd6127c6cfd0951e948e7743073d58fbd767818c6353b269a

    • SHA512

      2ffea4638f422500ab42033851fa70f8d7b784a8dce757610275d4de1cd92f16b4e03b413e37f1e492871def8c91babb8c376fe20d84f003e3ed34f2d9fa77c3

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

    • Target

      samples/IMG20201210342791.jpg.lnk

    • Size

      1KB

    • MD5

      41396dd603a7598248982c1e6ee99a80

    • SHA1

      538a54194158fc8ebd3abf26065fc6bee58c62ba

    • SHA256

      4e72308cf647e89c22a85af9dee015d38a86baf170304c4e468b486aaaf9dc31

    • SHA512

      156ce4616979b4ee1e08a35f468e657908f82c0b81ae1ab8e3d9f2f173ae50f0a122f9e568b953af641cb26cefbaf2e85e33c26d9dfe5552a8353b91ab3a95dc

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

    • Target

      samples/IMG20210588270623.jpg.lnk

    • Size

      1KB

    • MD5

      18b3f8fb699d04f17a3d6b20061d3d24

    • SHA1

      35dc4dd6379582e21bc102c9fccd4a6c836b7040

    • SHA256

      2f2b6cc258b82a24fb42e8b0528a63226f8e06c15b2f851fad6db87024b01ed3

    • SHA512

      22015058707c39b357aba7ac21cc3e5ef9af5635d39987ae0d91e143f456baeb8844f76a0bc265608d8b5b7def2884ee36ba8c496be3b41736f65f62b16fb1bd

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral9behavioral10

    • Target

      samples/IMG20210713121548.jpg.lnk

    • Size

      1KB

    • MD5

      cac1f13a4f9670a5419a843d33f2bfd6

    • SHA1

      8239d0182e8d0aef620a9cc6e4bd1bf9db075ea1

    • SHA256

      44d57154908461afb71eef59f25b56d56ac442cf70b58da2fd55cf5cee67f778

    • SHA512

      9bc7fafc0ffe7cd257f2d2a20eb10d27fb715193b158b04e3e547b8b499cda5b54c076b5af696248c03b28b7a408332c274e1b71ea649c664c6f9430a66c57f4

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral11behavioral12

    • Target

      samples/IMG20210743209813.jpg.lnk

    • Size

      1KB

    • MD5

      43061de1fc88a0aca42389eb10631a87

    • SHA1

      7625e3384837016583cda75aa42f340a396d2a12

    • SHA256

      4ddfde212867c4fafa535c2dbc24d4b289f7ec8b217e50b3208c0c4392426045

    • SHA512

      7f9760b16956c55e0a2c4ff228fcd76b1fc5aa5c24f31495b09cbc510b399fe06fe6e815ba1cc6e7651ffac019d7f6d063e4dbe4a7d9121db90fa32fc6c0effe

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral13behavioral14

    • Target

      samples/IMG20210911131002.jpg.lnk

    • Size

      1KB

    • MD5

      a242f83235676c39f387579d66cb5d2c

    • SHA1

      4f62159ff23b1be912a129b07e1dc5006576b3fb

    • SHA256

      8ad75311ad9aac9d04d3471b7b40ce2d0aeb7f5c6c7d86b29c24aef4d4bfc51b

    • SHA512

      81fd67a598dbe699860d701c78f1ea3f1ce30d4a2066060e4f5497c21538152222759ab791cc3be95f2adc60fba1ddc1cb6e35b8a0e0099ecad92b08e1794ce9

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral15behavioral16

    • Target

      samples/IMG20210918232755.jpg.lnk

    • Size

      1KB

    • MD5

      999ee25489b213fbfe71a1ac2bd1de42

    • SHA1

      970967db603ad1095c5a4f98a5fa019ad323bf28

    • SHA256

      f9466a54fb75d5084ee6ab6b5d667250c6aaaa710b325500a5f5435ba5fe9384

    • SHA512

      eee0f65fc65ad43ecc75f61d07d9cd2fe9ec0e4a5b46a6b32ac61e506427bcf5e421b13a307a404f8e74c586d07531ab7e7acb5b0cf17288b28658e8563c676c

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral17behavioral18

    • Target

      samples/IMG_20201220_211940.jpg.lnk

    • Size

      61KB

    • MD5

      4719d38df44b6adaf747e9e5393a42a2

    • SHA1

      75bee47db44cc3d49fb89961c5d56850d730c8ef

    • SHA256

      426a772c292688f492a2d5e0123be9112162654de8e06cdfbb6be60138ef20fc

    • SHA512

      8a93396d69609032775b99973d9ffaf2455ba11975ce96fc9e716689b507add46ac613895943c734654c73e9f3bf04877ca7db8baa59d3ee47f61e506107f06e

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral19behavioral20

    • Target

      samples/IMG_20210111_125841.jpg.lnk

    • Size

      29KB

    • MD5

      0cc31107c3424949102a31bddedfe867

    • SHA1

      585571b2214b18ea0c17f5fe299abae3cdebc15e

    • SHA256

      3ff6bcb1912539579eb728e06e32ec4299b62b95a3000e93e4840d669b1e29ef

    • SHA512

      b6bb60215a5525f37b08fc5b1dea758167fa7184c2bb15f8c198ead5732ac15f14e5c1e176034e4fc2b5b56f6ad1b0a0aea5139fa83da80b079cc113dc7d3980

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral21behavioral22

    • Target

      samples/IMG_20210603_122317.jpg.lnk

    • Size

      24KB

    • MD5

      041652e37aa0448a2557855f1af38298

    • SHA1

      820a817a74e73acb25ea8a567f11b47e608d88de

    • SHA256

      ec5ce96649dc44602aad947047b13df8bb43da9cdfdd0d8d7c25c48e41fea200

    • SHA512

      10ceba0c348089c28fd76d4e9d02d6876ce19cb15b971ac1faca6ef26a8d4509c80ab6ebcd599b31cf56e64384b1bab0e06b3c2ad7a642937c321a493dff274d

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral23behavioral24

    • Target

      samples/IMG_20210603_122331.jpg.lnk

    • Size

      54KB

    • MD5

      90b67f8679b286aeffb338090998d609

    • SHA1

      a4448457b6950f1337da0dbf973b96f316b405c2

    • SHA256

      b09ec2c531dce3b866bbb5b8945e6cb049b12b3c092e23213c51beb1e1db9fb3

    • SHA512

      8c9c4ce4270a0c1e6818811f345acc41e546dc16e212f9f190b1a502fba81bed8a1b8c3b9b8077205457cfd240128a67b1bf50200a3df3126c5c31a624a8fa14

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral25behavioral26

    • Target

      samples/IMG_20210628_105339.jpg.lnk

    • Size

      88KB

    • MD5

      b6f35bc00581d77723bbee101e288077

    • SHA1

      35cc34c9942595b187c0beeda83c0b0f3a1babb1

    • SHA256

      64beb3e30dccf26b3a3f131180b88fefa48549d4ae7e6190b1de605f9b3974f0

    • SHA512

      f38aa1d1f54307b4d0969022fcfb17f7ef52b6302550f09905feca3c12a43fa24662ee660b23dc0abd74db80b64f083c788562dca2f09bc7f54fef2e837ff13c

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral27behavioral28

    • Target

      samples/IMG_20210628_160548.jpg.lnk

    • Size

      23KB

    • MD5

      eef19079fc52533b1439b4dfc7bd57b3

    • SHA1

      ef93d5185addc5fc51aea0c431e1a08abbb105c3

    • SHA256

      a293e19f25b2b5189b5a8885867552c88ea11f454f2656b8c32931fe116743d6

    • SHA512

      de9469c3406c262521230a1e1c4bb3315ce0f46535cdb9f89a18c77444f0b7c78864ecccd2cbbad47deb7dd9d9431f5eddac0372480773e064d37b048f6399f7

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral29behavioral30

    • Target

      samples/Image-8646-ZP.jpg.lnk

    • Size

      1KB

    • MD5

      e163fbce2507c89a106c8ad001dc099a

    • SHA1

      afd8e902f55dbefcfa4afa30c95ce49b2daef6aa

    • SHA256

      61e88158da4636ab0c11db75e376f42e11a02ebe0387223934fb10944b52794f

    • SHA512

      a6dc129fd6cfc820461b29c3b9c35539f7bd45e67a383c1cb8c9a437509046edac793dd6b134a379b3be1768dc3daba0ea5d914be5624a4c10a4402d32d99b82

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral31behavioral32

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
10/10

behavioral2

persistence
Score
10/10

behavioral3

Score
10/10

behavioral4

Score
10/10

behavioral5

Score
10/10

behavioral6

Score
10/10

behavioral7

Score
10/10

behavioral8

Score
10/10

behavioral9

Score
10/10

behavioral10

Score
10/10

behavioral11

Score
10/10

behavioral12

Score
10/10

behavioral13

Score
10/10

behavioral14

Score
10/10

behavioral15

Score
10/10

behavioral16

Score
10/10

behavioral17

Score
10/10

behavioral18

Score
10/10

behavioral19

Score
10/10

behavioral20

Score
10/10

behavioral21

Score
10/10

behavioral22

Score
10/10

behavioral23

Score
10/10

behavioral24

Score
10/10

behavioral25

Score
10/10

behavioral26

Score
10/10

behavioral27

Score
10/10

behavioral28

Score
10/10

behavioral29

Score
10/10

behavioral30

Score
10/10

behavioral31

Score
10/10

behavioral32

Score
10/10