16c5de25abf832d88ac0b1e1cea56d1c63c1bff73a02d72ba8e494383f04dc90 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

putty.lnk
Size

2.0MB
Sample

240213-vrzlqade9y
MD5

3971540a21881d615645ed19c59089dc
SHA1

a5f93eeb9d9de5694b193263b5ef2c98bcdfff95
SHA256

16c5de25abf832d88ac0b1e1cea56d1c63c1bff73a02d72ba8e494383f04dc90
SHA512

3414caea03218f73db82a81e983af3e0076e44c24bd802520169f684afcf70a85028c59e06004753b2a082eea7a66fada440faccebfe8b729a93ba158190cafe
SSDEEP

24:8lo/ByKnY+/lOk3wKr4pmnaD7AaHrlcKO:8iPNOCwFpmnaHAqlM

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://mw-solaris.com/putty.hta

Targets

- Target
  
  putty.lnk
- Size
  
  2.0MB
- MD5
  
  3971540a21881d615645ed19c59089dc
- SHA1
  
  a5f93eeb9d9de5694b193263b5ef2c98bcdfff95
- SHA256
  
  16c5de25abf832d88ac0b1e1cea56d1c63c1bff73a02d72ba8e494383f04dc90
- SHA512
  
  3414caea03218f73db82a81e983af3e0076e44c24bd802520169f684afcf70a85028c59e06004753b2a082eea7a66fada440faccebfe8b729a93ba158190cafe
- SSDEEP
  
  24:8lo/ByKnY+/lOk3wKr4pmnaD7AaHrlcKO:8iPNOCwFpmnaHAqlM
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1