61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c | Triage

Sharing

General

Target

61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c
Size

2KB
Sample

240212-x26twscg63
MD5

572b88eb24399ecb796a86dfe7f9fc59
SHA1

65db9c2f7228b938744d25035de0db78af615c14
SHA256

61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c
SHA512

0381061daff51e7ff875248838710ee3744849ddf4a3557f8ed71aee6ad524ebaacb4bc388c2feb3bd2d1ec257fefbb6a52e8bb9cac68c6b808936979df4bf9e

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://mw-solaris.com/solaris.hta

Targets

- Target
  
  61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c
- Size
  
  2KB
- MD5
  
  572b88eb24399ecb796a86dfe7f9fc59
- SHA1
  
  65db9c2f7228b938744d25035de0db78af615c14
- SHA256
  
  61085e8dfb80e7de7fba6b83066253f6479fb81b4bbc0b4c4b18477c035bf92c
- SHA512
  
  0381061daff51e7ff875248838710ee3744849ddf4a3557f8ed71aee6ad524ebaacb4bc388c2feb3bd2d1ec257fefbb6a52e8bb9cac68c6b808936979df4bf9e
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2