General

  • Target

    MotodienTW-PO_#20240228.rar

  • Size

    619B

  • Sample

    240228-g5ea2sdc58

  • MD5

    16e655921dafc54d67be3489a672af4b

  • SHA1

    b25b7d44dbd82b8943a88a61c70979ce31104d3c

  • SHA256

    73853e66d9677b20fdfd0678851852fe3f4586960be399317ede0f23b8224476

  • SHA512

    671768bdf23b354a02bf72d96ce75d9e88c4058d0ad81c8a96907627daa52b4dd6f361b5c64333895e1bcefcf5915efb2f1d670ab944b6661a4375da3f8548d2

Score
10/10

Malware Config

Extracted

Language: hta
Source: hta.dropper
URLs: https://hadicovn.com/hyhy/motodien

Targets

    • Target

      MotodienTW-PO_#20240228.lnk

    • Size

      1KB

    • MD5

      fb225fe9cd4ccc837fcf11a09d5a0ee4

    • SHA1

      24f5a374bccaab4acb2894d0b64638abde0d822d

    • SHA256

      b2fbd1728c2e3e77740d0fc410cc25518d1cb01c11e23e4c074467db9c860a85

    • SHA512

      650aefe0adda15f557089e70d5a52dca4d60d3e1d6d69be906961cda4d3bd600354d7fa6f1787741d7ef7705cb925f84925d859ed33168e9bb404a2307beab32

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks