Overview

overview

10

Static

static

1

A/3rd_cc_f...df.lnk

windows7-x64

7

A/3rd_cc_f...df.lnk

windows10-2004-x64

10

A/Agreemen...df.lnk

windows7-x64

7

A/Agreemen...df.lnk

windows10-2004-x64

10

A/Instruct...df.lnk

windows7-x64

7

A/Instruct...df.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    A.zip

  • Size

    2KB

  • Sample

    241025-vypebsscpb

  • MD5

    4879961cca2baed6d149c25fa946a98a

  • SHA1

    33dd06d389c04dc0e86dadf1cf77739b974fe7c5

  • SHA256

    a33bf755d49373160c54ca9d13df9fd2e5efbe0f86d22a208d9687790fe00ed4

  • SHA512

    a9c8b4db8fe7873cd04959aa21050492bf4b8fcbc0f199e72a8870cb68976a2157884d02e107f84ab7e8724097e4036329e38f7dbf99f372e7ce885904bbff37

Score
10/10
defense_evasion

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://urban-trek.shop/api/uz/0547131764/Linipute.json

Extracted

Language
hta
Source
URLs
hta.dropper

https://ctu.timeless-tales.shop/api/uz/0912545164/CharcoalWharf.json

Extracted

Language
hta
Source
URLs
hta.dropper

https://ftp.timeless-tales.shop/api/reg/Panto

Targets

    • Target

      A/3rd_cc_form_Oct_2024.pdf.lnk

    • Size

      1KB

    • MD5

      d53df33a543f82f01cd65a969c026f0c

    • SHA1

      92b8d55b4dccdcdfc076e08dc10e8f878075a4f7

    • SHA256

      a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6

    • SHA512

      a4b62d3d7d9a1f251c6f2fc1eecec006cd32ed5f206990c84c0f1e3ebb6e86564c5042412c6b329e2a6d44bd2232a89add3db92703e3c779110f83105ea0c49e

    Score
    10/10
    defense_evasion

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion
    behavioral1behavioral2

    • Target

      A/Agreement for YouTube cooperation.pdf.lnk

    • Size

      1KB

    • MD5

      90de1044962e092ea916ae08649227ba

    • SHA1

      a2fafd3d9e2b224205d6a3ae529416d33be68b2e

    • SHA256

      8ea35c2bfdf4cad1197abadd19f4f0e09579afcfdb32abc7e71bb5818c6d3ba6

    • SHA512

      1b2d37a8615904f074def78a06dbed15d38dc455eb5a715002a5e93c28520154f506d7ea6f150e915ca1bda0564d358635314e9022a170efee2ada168ff19890

    Score
    10/10
    defense_evasion

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion
    behavioral3behavioral4

    • Target

      A/Instruction_1928.pdf.lnk

    • Size

      2KB

    • MD5

      b874532b90be5bd56eca4b28951f2f76

    • SHA1

      0356abd795c63a10cad9383a767687c92fc1b5f8

    • SHA256

      92216ebdd28ee3a886e296fd4ef8c5341b8c9dba8f1d1c498db62c95efc97262

    • SHA512

      036d26c62b65af38075842642708cf3e3f8eaef05025a7b3449d39e2f15c09a80cfd79ddf411c6d6d1aadd7fca4a462c4f86b5f1375166928457b759822586d3

    Score
    10/10
    defense_evasion

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

      defense_evasion
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks