General

  • Target

    Letter_Of_Intention.pdf.lnk

  • Size

    2KB

  • Sample

    230202-tt5ebahc73

  • MD5

    db8b6e721301ce8d986877d2e9b821b3

  • SHA1

    95babc0e92aed7668b13725c4ad04318f9178a2d

  • SHA256

    808a15dbb98bcbeedf375303e8250fe10e8f90aa6f83fad083d878ced6a35366

  • SHA512

    2348aff088738961863486b8cdac74beae06a27707298050dfffbeaaf2fb3b888c90b5555156b0abff2a4962f5624afa2e6d0ba9ec9f9fddae49f4965eec7227

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://179.43.176.16/intention.hta

Targets

    • Target

      Letter_Of_Intention.pdf.lnk

    • Size

      2KB

    • MD5

      db8b6e721301ce8d986877d2e9b821b3

    • SHA1

      95babc0e92aed7668b13725c4ad04318f9178a2d

    • SHA256

      808a15dbb98bcbeedf375303e8250fe10e8f90aa6f83fad083d878ced6a35366

    • SHA512

      2348aff088738961863486b8cdac74beae06a27707298050dfffbeaaf2fb3b888c90b5555156b0abff2a4962f5624afa2e6d0ba9ec9f9fddae49f4965eec7227

    Score
    10/10

    • UAC bypass

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks