General

  • Target

    84297536d9873d971dcc783ae2f95af8cbf32c65fccf3c8687af2ba5294b7f30.lnk

  • Size

    148KB

  • Sample

    240517-b3bt9abf55

  • MD5

    d39a73de9f109e3dba408e9481998206

  • SHA1

    30651dada81443db0fde9c3a336955d27b6d9024

  • SHA256

    84297536d9873d971dcc783ae2f95af8cbf32c65fccf3c8687af2ba5294b7f30

  • SHA512

    09c8954ecabbeb36aeb8804858168eb1448f5894c1641a1ba5311f2b33aaeb24814734d0b1f7e777f22910c53bb9df500801907a603d8d71fba139705f444d61

  • SSDEEP

    24:8WEe6Dz358m+pyAWkr+/4x+sPxZvBG0qdd79ds/Z6U/ab9Q9qFBm:8WENDzKvZbnvBG7dJ9A6U/a5QW

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://invoiceinformations.com/InvoiceInfo/Evernote-Invoice

Extracted

Language
hta
Source
URLs
hta.dropper

https://invoiceinformations.com/InvoiceInfo/Evernote-Invoice

Targets

    • Target

      84297536d9873d971dcc783ae2f95af8cbf32c65fccf3c8687af2ba5294b7f30.lnk

    • Size

      148KB

    • MD5

      d39a73de9f109e3dba408e9481998206

    • SHA1

      30651dada81443db0fde9c3a336955d27b6d9024

    • SHA256

      84297536d9873d971dcc783ae2f95af8cbf32c65fccf3c8687af2ba5294b7f30

    • SHA512

      09c8954ecabbeb36aeb8804858168eb1448f5894c1641a1ba5311f2b33aaeb24814734d0b1f7e777f22910c53bb9df500801907a603d8d71fba139705f444d61

    • SSDEEP

      24:8WEe6Dz358m+pyAWkr+/4x+sPxZvBG0qdd79ds/Z6U/ab9Q9qFBm:8WENDzKvZbnvBG7dJ9A6U/a5QW

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks