eddc294fc8599c7fccde15ac5516eb8fdab161aafe83e15a21dab41c98781765 | Triage

Sharing

General

Target

eddc294fc8599c7fccde15ac5516eb8fdab161aafe83e15a21dab41c98781765.lnk
Size

1KB
Sample

240523-cnxc3sad27
MD5

27251cc401cfe955c65b5512b5684f8b
SHA1

80c817b04ae8a395d8f078bbf4e117895c13e6bd
SHA256

eddc294fc8599c7fccde15ac5516eb8fdab161aafe83e15a21dab41c98781765
SHA512

c1ab81ca147a45d1d60008d3b1edb610552ebd60202a0f791352a139512fdae276b916c438254b48d72105ae061d98346f55c3c92866aa45c28483ca37f1717b

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://foundationforwomenshealth.com/swim.hta

Targets

- Target
  
  eddc294fc8599c7fccde15ac5516eb8fdab161aafe83e15a21dab41c98781765.lnk
- Size
  
  1KB
- MD5
  
  27251cc401cfe955c65b5512b5684f8b
- SHA1
  
  80c817b04ae8a395d8f078bbf4e117895c13e6bd
- SHA256
  
  eddc294fc8599c7fccde15ac5516eb8fdab161aafe83e15a21dab41c98781765
- SHA512
  
  c1ab81ca147a45d1d60008d3b1edb610552ebd60202a0f791352a139512fdae276b916c438254b48d72105ae061d98346f55c3c92866aa45c28483ca37f1717b
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2