4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4 | Triage

Resubmissions

30-04-2024 13:47

240430-q31wpsgd21 10

19-04-2024 12:12

240419-pdkbzscd2x 10

Sharing

General

Target

4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4.lnk
Size

1KB
Sample

240419-pdkbzscd2x
MD5

c5140207d2276f64b3a8f4ccd3487723
SHA1

4d688086cd47a23444b2329fbd83a3740c40d0ca
SHA256

4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4
SHA512

ac0a2830b6f4bc36901252f1c0dc575f07a24c3194dec822964f59f6f7291e64e23522a8c956afd24de68122b782aa283ce97ef2e4720587feb2bd67a443c210

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://194.180.191.34/pr/relationship.tmp

Targets

- Target
  
  4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4.lnk
- Size
  
  1KB
- MD5
  
  c5140207d2276f64b3a8f4ccd3487723
- SHA1
  
  4d688086cd47a23444b2329fbd83a3740c40d0ca
- SHA256
  
  4102d9b119dd8eb1f4e74ccea7c23fa7fc84d44cb8079abdabbe51629ea25ec4
- SHA512
  
  ac0a2830b6f4bc36901252f1c0dc575f07a24c3194dec822964f59f6f7291e64e23522a8c956afd24de68122b782aa283ce97ef2e4720587feb2bd67a443c210
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2