2d670c55c00de20c44c7927425e7eb88d598d01ff074e21f81f7b97f8603fd7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d670c55c00de20c44c7927425e7eb88d598d01ff074e21f81f7b97f8603fd7c.lnk
Size

2KB
Sample

240314-cpt94sad56
MD5

53be9626183b0da2a1c925c9945a2167
SHA1

aaa985aae647b5f56e34426f657a53ca0207ce92
SHA256

2d670c55c00de20c44c7927425e7eb88d598d01ff074e21f81f7b97f8603fd7c
SHA512

d4f73e5f62b4f46d651064693461d40516665a23f2ecbb4c189d9d3a892eceb85dec46ee3248e01946fb621e9a8658ce99cd0de1b1ac13ff345cb44a4ed307c2

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://94.156.66.115:5012/nkrjsongrskjnxcfbcfgsgdshdfxbfndxgsfzztgskdrzhtrhfxdhxfhxfdht/zxfzdgdhtdzhssh/soneio.exe

Targets

- Target
  
  2d670c55c00de20c44c7927425e7eb88d598d01ff074e21f81f7b97f8603fd7c.lnk
- Size
  
  2KB
- MD5
  
  53be9626183b0da2a1c925c9945a2167
- SHA1
  
  aaa985aae647b5f56e34426f657a53ca0207ce92
- SHA256
  
  2d670c55c00de20c44c7927425e7eb88d598d01ff074e21f81f7b97f8603fd7c
- SHA512
  
  d4f73e5f62b4f46d651064693461d40516665a23f2ecbb4c189d9d3a892eceb85dec46ee3248e01946fb621e9a8658ce99cd0de1b1ac13ff345cb44a4ed307c2
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2