bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a | Triage

Sharing

General

Target

bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a.lnk
Size

1KB
Sample

240523-cdwnsshf2v
MD5

60f1320faf25bc20101c4312f82a72f8
SHA1

a37a8f932db503eed34cbe9aa1db40f63b36fee1
SHA256

bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a
SHA512

96652e9e0a96545449a260c19d920eb3f1debc879e76f5a594848a28ef165b733ca61fcc75636781289e30cc7e87aae11028ff159a1bdc93a274dbed99f03d07

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://foundationforwomenshealth.com/rooming.hta

Targets

- Target
  
  bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a.lnk
- Size
  
  1KB
- MD5
  
  60f1320faf25bc20101c4312f82a72f8
- SHA1
  
  a37a8f932db503eed34cbe9aa1db40f63b36fee1
- SHA256
  
  bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a
- SHA512
  
  96652e9e0a96545449a260c19d920eb3f1debc879e76f5a594848a28ef165b733ca61fcc75636781289e30cc7e87aae11028ff159a1bdc93a274dbed99f03d07
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2