e6dfdf587e48c0d2b8dd2c08fb7f43a3559655d01516b8435866b86abe17a4fc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6965db865c136786ed9b9c5c3a06350be05d01063186c145b0e4c4d.lnk
Size

1KB
Sample

231023-ys9d4agb46
MD5

3dd0c8098f91c4fe0cb9a085ef76b1ce
SHA1

67c881d76418627e5e13f9ed170389d7deefd738
SHA256

e6dfdf587e48c0d2b8dd2c08fb7f43a3559655d01516b8435866b86abe17a4fc
SHA512

c03b278666a0b93f698ba1465ce971a5466f02839a9dcdebc0adca86db814b6b623bca6da5ae313c6a91fefd69fe8b0b75e6aeefc8d467e89c77bd34d2f140a8

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://solutionsinengineering.com/default.hta

Targets

- Target
  
  c6965db865c136786ed9b9c5c3a06350be05d01063186c145b0e4c4d.lnk
- Size
  
  1KB
- MD5
  
  3dd0c8098f91c4fe0cb9a085ef76b1ce
- SHA1
  
  67c881d76418627e5e13f9ed170389d7deefd738
- SHA256
  
  e6dfdf587e48c0d2b8dd2c08fb7f43a3559655d01516b8435866b86abe17a4fc
- SHA512
  
  c03b278666a0b93f698ba1465ce971a5466f02839a9dcdebc0adca86db814b6b623bca6da5ae313c6a91fefd69fe8b0b75e6aeefc8d467e89c77bd34d2f140a8
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2