a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3 | Triage

Sharing

General

Target

Estonia_Consolidated_annual_report_of_the_state2024.lnk
Size

1KB
Sample

240816-y73j4avenc
MD5

95c380b57b24829d79ca4087018f500b
SHA1

1bd642cb24db34dd11b808601af1a6591fca46cf
SHA256

a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3
SHA512

4b83d8cdb547b0e37067bba5259c6120060bf1f47a02bf0ab5a9813af322f765f8a7ca4314dc03832ac096099037511c36acc127cd21a2a58dcb67d220e683a8

Score

10^/10

defense_evasion

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://silobsatewpes.click/Estonia3

Targets

- Target
  
  Estonia_Consolidated_annual_report_of_the_state2024.lnk
- Size
  
  1KB
- MD5
  
  95c380b57b24829d79ca4087018f500b
- SHA1
  
  1bd642cb24db34dd11b808601af1a6591fca46cf
- SHA256
  
  a063acc37f8c2a6df7f3c7d685ca0f9ae0fa5cfce867f124ed425c18dafa95c3
- SHA512
  
  4b83d8cdb547b0e37067bba5259c6120060bf1f47a02bf0ab5a9813af322f765f8a7ca4314dc03832ac096099037511c36acc127cd21a2a58dcb67d220e683a8
Score

10^/10

defense_evasion
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Indirect Command Execution
  Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indirect Command Execution

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion

behavioral2

defense_evasion