a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6 | Triage

Sharing

General

Target

a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6.lnk
Size

1KB
Sample

241026-ct3gaavrhl
MD5

d53df33a543f82f01cd65a969c026f0c
SHA1

92b8d55b4dccdcdfc076e08dc10e8f878075a4f7
SHA256

a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6
SHA512

a4b62d3d7d9a1f251c6f2fc1eecec006cd32ed5f206990c84c0f1e3ebb6e86564c5042412c6b329e2a6d44bd2232a89add3db92703e3c779110f83105ea0c49e

Score

10^/10

defense_evasion

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://urban-trek.shop/api/uz/0547131764/Linipute.json

Targets

- Target
  
  a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6.lnk
- Size
  
  1KB
- MD5
  
  d53df33a543f82f01cd65a969c026f0c
- SHA1
  
  92b8d55b4dccdcdfc076e08dc10e8f878075a4f7
- SHA256
  
  a1d7f4bc74b920f6ea79f7d3ed3ac9c544401605688fc968cc27e1a62b9482f6
- SHA512
  
  a4b62d3d7d9a1f251c6f2fc1eecec006cd32ed5f206990c84c0f1e3ebb6e86564c5042412c6b329e2a6d44bd2232a89add3db92703e3c779110f83105ea0c49e
Score

10^/10

defense_evasion
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Indirect Command Execution
  Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indirect Command Execution

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion

behavioral2

defense_evasion