6320c823373c9d7e46a0b07d3cf9182077591c62add5f7417490531f70467681 | Triage

Sharing

General

Target

6320c823373c9d7e46a0b07d3cf9182077591c62add5f7417490531f70467681.lnk
Size

1KB
Sample

240523-bzq5rsha68
MD5

4f3d62489ec58662e1acd166b626631f
SHA1

49d5d56e0d26f4be7591b92ca543c759aeb45b2a
SHA256

6320c823373c9d7e46a0b07d3cf9182077591c62add5f7417490531f70467681
SHA512

8064c7c760d491816bebd97d0417a78f2b5ba63e95ed3bbbb5f0ca9ed6c6a63f556e8ce8fdb05625f0f4c955973580a5a7d07d72d22da3b60d7ef12b88144883

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://foundationforwomenshealth.com/rooming.hta

Targets

- Target
  
  6320c823373c9d7e46a0b07d3cf9182077591c62add5f7417490531f70467681.lnk
- Size
  
  1KB
- MD5
  
  4f3d62489ec58662e1acd166b626631f
- SHA1
  
  49d5d56e0d26f4be7591b92ca543c759aeb45b2a
- SHA256
  
  6320c823373c9d7e46a0b07d3cf9182077591c62add5f7417490531f70467681
- SHA512
  
  8064c7c760d491816bebd97d0417a78f2b5ba63e95ed3bbbb5f0ca9ed6c6a63f556e8ce8fdb05625f0f4c955973580a5a7d07d72d22da3b60d7ef12b88144883
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2