1ed0fd59fd0125ae3c9cbd51570119a46fd56a59fe5fff03421ffa62cc5e08b8

General

Target

1ed0fd59fd0125ae3c9cbd51570119a46fd56a59fe5fff03421ffa62cc5e08b8.rar
Size

922B
Sample

240229-f3jbjsfa6w
MD5

0f8dd025f4c930414f5adf5387342eab
SHA1

c69fb0b4ad743edd3720f7ca822fbfa6a1eb6a85
SHA256

1ed0fd59fd0125ae3c9cbd51570119a46fd56a59fe5fff03421ffa62cc5e08b8
SHA512

69f07b002f5eed1385d032adec747ea1b1fb6befd732085b4b49c2cef5ed7500f9efa42904a3b0f15116f7851c1cc79fc6d6dab279236cf27265b61e6d98429d

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://thanhancompany.com/grip/FYI

Extracted

Language

hta

Source

URLs

hta.dropper

https://thanhancompany.com/grip/FYI

Targets

- Target
  
  FYI.pdf.lnk
- Size
  
  2KB
- MD5
  
  7aedf8f8a11a97880b16544588f15683
- SHA1
  
  a31781401cc7dac39e62d4812c17cf96f889d350
- SHA256
  
  d8dbb40faf7b8585dc9963d2addf23d922c517623a24770e42f91dbe58975194
- SHA512
  
  db9be41e532757c4e5cb0cc1a8630000718aeb50bce2c4fa937861f445d4e9f35478e64b78fd273c09ae6fe45e8e4c6a3c5f3600e1948cca23137b90f5ecf14c
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2