3ad8f87352fa728a50ddf29d9b8e0ceb78d54cfa6d91f485c6df06cd0898244c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ad8f87352fa728a50ddf29d9b8e0ceb78d54cfa6d91f485c6df06cd0898244c.lnk
Size

1KB
Sample

240111-m4j3sseeej
MD5

f5cd6dfa22f3364b0f940eb841d8ea5d
SHA1

9969c00f4e7d9954423b79e995fa11015c8c5955
SHA256

3ad8f87352fa728a50ddf29d9b8e0ceb78d54cfa6d91f485c6df06cd0898244c
SHA512

60d347b1293b4bdb06feb3e98038db69207639a52e3e00ba802071079fac3e68e90573c1a28346f5f1c2911706a91962eed0f95b595b5d9a3893ddce688e76e4

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://45.153.243.208/a57

Targets

- Target
  
  3ad8f87352fa728a50ddf29d9b8e0ceb78d54cfa6d91f485c6df06cd0898244c.lnk
- Size
  
  1KB
- MD5
  
  f5cd6dfa22f3364b0f940eb841d8ea5d
- SHA1
  
  9969c00f4e7d9954423b79e995fa11015c8c5955
- SHA256
  
  3ad8f87352fa728a50ddf29d9b8e0ceb78d54cfa6d91f485c6df06cd0898244c
- SHA512
  
  60d347b1293b4bdb06feb3e98038db69207639a52e3e00ba802071079fac3e68e90573c1a28346f5f1c2911706a91962eed0f95b595b5d9a3893ddce688e76e4
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2