0b79e1194644431c2e28c48aa3654e658a2907e1003cd0484cd00a0796ebe6bb | Triage

Sharing

General

Target

Matrixport Salary Increase.pdf.lnk
Size

391KB
Sample

220921-2p1jkachbk
MD5

47429bf0f19ab16bd659c9039b164a9e
SHA1

954493af1b8402a3dd27c4081724678adc522777
SHA256

0b79e1194644431c2e28c48aa3654e658a2907e1003cd0484cd00a0796ebe6bb
SHA512

c88734121ed700bdad92ba8525b180a5b345995d0114c5ab46b3f6fd05bd7caae75ea329c4e9e4fab5939ba1ad4db467fabdbc05812314e65959ccab2d391a22
SSDEEP

12288:ZGtnJ/gnqf+ys4BTC6jQcQovnjTuZrDIh:ZMntn+yFTd/jqJa

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://ms.onlineshares.cloud/WpY6pcQaHB5FyGgjo48r/RkErGkgsq73IIAq0bSVo04=

Targets

- Target
  
  Matrixport Salary Increase.pdf.lnk
- Size
  
  391KB
- MD5
  
  47429bf0f19ab16bd659c9039b164a9e
- SHA1
  
  954493af1b8402a3dd27c4081724678adc522777
- SHA256
  
  0b79e1194644431c2e28c48aa3654e658a2907e1003cd0484cd00a0796ebe6bb
- SHA512
  
  c88734121ed700bdad92ba8525b180a5b345995d0114c5ab46b3f6fd05bd7caae75ea329c4e9e4fab5939ba1ad4db467fabdbc05812314e65959ccab2d391a22
- SSDEEP
  
  12288:ZGtnJ/gnqf+ys4BTC6jQcQovnjTuZrDIh:ZMntn+yFTd/jqJa
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2