General

  • Target

    499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea.lnk

  • Size

    930KB

  • Sample

    240921-bk433syamf

  • MD5

    f4369f6826e349a9c6ca4d25ffd0d785

  • SHA1

    6a6c6d2a1f01962110896cab318958322f11eff8

  • SHA256

    499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea

  • SHA512

    b025ff0810a55fb97c951ee710cd41371b5dc113fa67ebd9bf26a7be6b502df34c3432f2ac92e1bdd7f7079819b3c8fb86a0a1b1a6a4e023e72f906c015cdbb4

  • SSDEEP

    24:8ApHYVKVWP/CW7pF1cI1tMwtwtanwwBm1qCY1dCZTCJCZkrabqh1:8GaDF1zMu4B6IMdCZTCJCZ6ae

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://188.119.112.115/nabu/opituvannya.hta

Targets

    • Target

      499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea.lnk

    • Size

      930KB

    • MD5

      f4369f6826e349a9c6ca4d25ffd0d785

    • SHA1

      6a6c6d2a1f01962110896cab318958322f11eff8

    • SHA256

      499528fb822e6cf086e98d9e27067f939ecbf0a3791f701a0a6f9a44ba8864ea

    • SHA512

      b025ff0810a55fb97c951ee710cd41371b5dc113fa67ebd9bf26a7be6b502df34c3432f2ac92e1bdd7f7079819b3c8fb86a0a1b1a6a4e023e72f906c015cdbb4

    • SSDEEP

      24:8ApHYVKVWP/CW7pF1cI1tMwtwtanwwBm1qCY1dCZTCJCZkrabqh1:8GaDF1zMu4B6IMdCZTCJCZ6ae

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Command and Scripting Interpreter: PowerShell

      Executes a powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks