1be8c45867931b837a5630833a9e2a01846538118f9c8e345c1a23a5f2510343

General

Target

1be8c45867931b837a5630833a9e2a01846538118f9c8e345c1a23a5f2510343.rar
Size

933B
Sample

240229-fqy68seb8x
MD5

b569d961b15d7bb0ccc640033f529ccc
SHA1

f37cd9c5ef39d786823359876ef93431b8c28f52
SHA256

1be8c45867931b837a5630833a9e2a01846538118f9c8e345c1a23a5f2510343
SHA512

676d68287387c3af676d4c60e502bf9c2293e043a4b2134afd2cfccc191016646649dd4968ba46f45d170928077bf87a9c7adaec025cf95d7488aa8d98e085e8

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://thanhancompany.com/grip/FYI

Extracted

Language

hta

Source

URLs

hta.dropper

https://thanhancompany.com/grip/FYI

Targets

- Target
  
  WhatsApp Görsel 2024-02-28 saat 14.52.35_809ff0ec.jpg.lnk
- Size
  
  1KB
- MD5
  
  0365118a92333b6faa474aded6b3a6f2
- SHA1
  
  0bcac8b38e4e338508606c897eb7e36ad9d8a68e
- SHA256
  
  98e44c818340bc1657402ed6b463ae52247f6d52d45d4a5aa0e6fad5b4935b1e
- SHA512
  
  08007340cd5d133aae544597937a9cb1de83f29ff068c1aec023f3182dac1b92f7b150d2e0ecb9392f756c8271a759198840718cba82387432093e691dac3eaf
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2