General

  • Target: Instruction_1921_W9COI.pdf.lnk.zip
  • Size: 1KB
  • Sample: 241112-1wltbasdlk
  • MD5: 8c5a22c9d713451e7df6ffe0055efa7d
  • SHA1: c5b0bf47952dcea6364078b02e6963444979a02e
  • SHA256: 71a7d558b6dc215728e20ac4320ed6b26dafa9a3656558f53fa0ef5f1e79f3c7
  • SHA512: 9002334ca70918e8ec89a4686d2534841ba0ebfc150f0c93a77e5e7b75e5ea220858c7168dca205027e5529e194e3491bf46632a4d0126a54a62091a55bf7bf3

Score
10/10

Malware Config

Extracted

  • Language: hta
  • Source: hta.dropper
  • URLs: https://rt2kl9.vibrant-minds.shop/api/reg/BaristaBagging.json

Targets

    • Target: Instruction_1921_W9COI.pdf.lnk.bin
    • Size: 2KB
    • MD5: a6aa04067a00840bd40f5cbbd551800d
    • SHA1: 1bf1b4d609f1b0001edf2785189410021dec912c
    • SHA256: bf198d170af6f42fc1c94b154002a0b4e99c1dded83b86902a52bd82d2a382ab
    • SHA512: 04181ed58817288cae7fca9e634a117c8acde7f5e16bb5b294f8aca4303b69e1245583a30a5447252e763d4633bcfc70c5879ea8e8ae5cf25d622352b8f44591

    Score
    10/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

MITRE ATT&CK Enterprise v15

Tasks