General

  • Target

    94f4b54060f50523380082879ac262e67477acf5656aec3912078e1d756e9f1f

  • Size

    204KB

  • Sample

    240410-py7ysabc2y

  • MD5

    a367898f46c7a8ce0ba6d6e9690cc4b7

  • SHA1

    406eb9e18df4f031b924a12aa97b26b3e68bddb2

  • SHA256

    94f4b54060f50523380082879ac262e67477acf5656aec3912078e1d756e9f1f

  • SHA512

    65ec8ae463b55875a4e6d58e357feb2d468773c8c8a64e6d9b7d5d8bae089445402873ca6956a7e14056f77e07eccf11e10d5bda056928c60e370b7bf6b59b7a

  • SSDEEP

    6144:+SCiIWB+lCNcOKaUwwbMSnUoMsGzTOEyBYJslfkTIIYFrV:OiHBvNYzVfdMsyTOprIQ

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://a0671524.xsph.ru/bandage/precarious.xml

Targets

    • Target

      94f4b54060f50523380082879ac262e67477acf5656aec3912078e1d756e9f1f


    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks