a04cc1d5900ce90aa94f2b04a800815522bef92e40816743ac8fff56a141b7e3 | Triage

Resubmissions

19/09/2024, 18:47

240919-xfla3avajf 7

Sharing

Copy URL Twitter E-mail

General

Target

NSA Document.lnk
Size

1KB
Sample

240919-xfla3avajf
MD5

33ad531b6cf05206ca660a653183127d
SHA1

5f28b9019d51671f92500259894a5d654fc8f199
SHA256

a04cc1d5900ce90aa94f2b04a800815522bef92e40816743ac8fff56a141b7e3
SHA512

f9fe7998c2bab9d7ff348aea316639d8fc44040d0336b731c8bea22aa7608841cbd2ac16bf4b9f170902c00f9c87189e249ab40be2cfceaaa8fdfafa0ab47bd6

Score

7^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  NSA Document.lnk
- Size
  
  1KB
- MD5
  
  33ad531b6cf05206ca660a653183127d
- SHA1
  
  5f28b9019d51671f92500259894a5d654fc8f199
- SHA256
  
  a04cc1d5900ce90aa94f2b04a800815522bef92e40816743ac8fff56a141b7e3
- SHA512
  
  f9fe7998c2bab9d7ff348aea316639d8fc44040d0336b731c8bea22aa7608841cbd2ac16bf4b9f170902c00f9c87189e249ab40be2cfceaaa8fdfafa0ab47bd6
Score

7^/10

persistence privilege_escalation
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation