043ecf851126758e1c385c7996da325b7c10d45a4c0d56a165a91adc50a8b952 | Triage

Sharing

General

Target

043ecf851126758e1c385c7996da325b7c10d45a4c0d56a165a91adc50a8b952.lnk
Size

338KB
Sample

240213-czf58scc96
MD5

aa17c1186359a1ff75f4c53531de4b40
SHA1

726d59562bf9c5530706337181c995aa7aa7df56
SHA256

043ecf851126758e1c385c7996da325b7c10d45a4c0d56a165a91adc50a8b952
SHA512

27b6b98863ffb086a5712f1f3055373e0107f4062084850563ca3cc1f08df836f1a01f29696a4f1c8a7c38a4118c9c7a99b91afb7fa255bd89e6ec446f062c25
SSDEEP

24:82/ByKnC+/lZnY7t9LQluwN0v+6ezliqYnWcAarab/B4f:8KPnZY78ZemrMqeA4abBC

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.92.248.36/Downloads/config.exe

Targets

- Target
  
  043ecf851126758e1c385c7996da325b7c10d45a4c0d56a165a91adc50a8b952.lnk
- Size
  
  338KB
- MD5
  
  aa17c1186359a1ff75f4c53531de4b40
- SHA1
  
  726d59562bf9c5530706337181c995aa7aa7df56
- SHA256
  
  043ecf851126758e1c385c7996da325b7c10d45a4c0d56a165a91adc50a8b952
- SHA512
  
  27b6b98863ffb086a5712f1f3055373e0107f4062084850563ca3cc1f08df836f1a01f29696a4f1c8a7c38a4118c9c7a99b91afb7fa255bd89e6ec446f062c25
- SSDEEP
  
  24:82/ByKnC+/lZnY7t9LQluwN0v+6ezliqYnWcAarab/B4f:8KPnZY78ZemrMqeA4abBC
Score

10^/10

evasion trojan
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Scheduled Task/Job

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2