e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3 | Triage

Sharing

General

Target

e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3.lnk
Size

2KB
Sample

240425-ckjyksdf2x
MD5

82fde340f187a517e0feced1d4972363
SHA1

07740ba4e30a1dbc830451a0d05130ba1af28be9
SHA256

e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
SHA512

db1630813f3a6e19b9c1bfb6dbaecd3829592230635721df5e2121217bbe2ea2a7594eae7061d5d2ce2baf4bfad5687ce22fa58dba94e8e30b0d7630e872f79c

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://www.sessosesso.it/assets/aw/yt.hta

Extracted

Language

hta

Source

URLs

hta.dropper

https://www.sessosesso.it/assets/aw/yt.hta

Targets

- Target
  
  e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3.lnk
- Size
  
  2KB
- MD5
  
  82fde340f187a517e0feced1d4972363
- SHA1
  
  07740ba4e30a1dbc830451a0d05130ba1af28be9
- SHA256
  
  e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
- SHA512
  
  db1630813f3a6e19b9c1bfb6dbaecd3829592230635721df5e2121217bbe2ea2a7594eae7061d5d2ce2baf4bfad5687ce22fa58dba94e8e30b0d7630e872f79c
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2