3ffc211ce78796544ad9ad8726a59b981d7cec288eb17ff51e2e74bbf1d93dfb | Triage

Sharing

General

Target

3ffc211ce78796544ad9ad8726a59b981d7cec288eb17ff51e2e74bbf1d93dfb.lnk
Size

59KB
Sample

240601-bk6a5sdb56
MD5

a93cb039d8b98e77656b11af495edd09
SHA1

0c881101dcca67b960e51c3c42bb547a342731bd
SHA256

3ffc211ce78796544ad9ad8726a59b981d7cec288eb17ff51e2e74bbf1d93dfb
SHA512

f038ececae42f3f726e9d70db3d53986d6ad3d7806d9da8102938e22e87916349672f93e07a2797629bb595954d6e6a447bfc924bfb00cd4e269006240ba0f96
SSDEEP

12:8MFm/3BVSXvk44X3ojsqzKtnWNUfW+UcCsvX1CKeXRpKWKDiN33YlNPeVnI:8l/BHYVKVWKe+/CWFC7hpgaHKPeFI

Score

10^/10

evasion trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://uits-bd.com/images/Quote6.hta

Targets

- Target
  
  3ffc211ce78796544ad9ad8726a59b981d7cec288eb17ff51e2e74bbf1d93dfb.lnk
- Size
  
  59KB
- MD5
  
  a93cb039d8b98e77656b11af495edd09
- SHA1
  
  0c881101dcca67b960e51c3c42bb547a342731bd
- SHA256
  
  3ffc211ce78796544ad9ad8726a59b981d7cec288eb17ff51e2e74bbf1d93dfb
- SHA512
  
  f038ececae42f3f726e9d70db3d53986d6ad3d7806d9da8102938e22e87916349672f93e07a2797629bb595954d6e6a447bfc924bfb00cd4e269006240ba0f96
- SSDEEP
  
  12:8MFm/3BVSXvk44X3ojsqzKtnWNUfW+UcCsvX1CKeXRpKWKDiN33YlNPeVnI:8l/BHYVKVWKe+/CWFC7hpgaHKPeFI
Score

10^/10

evasion trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2