General

Target: 0d6049a23bc24a385997c0514ffc22a9c0c9ba681d1cac2f6cb5013bafeefe4f.lnk
Size: 3KB
Sample: 241114-xkrnmssbjp
MD5: 001c1231f099ae2188df58798c2c32cf
SHA1: 6e8394a04aa35551437d91910c787bf2165c175b
SHA256: 0d6049a23bc24a385997c0514ffc22a9c0c9ba681d1cac2f6cb5013bafeefe4f
SHA512: b46b0ed51706e68a7b2e1d3609caaa2bc45676cb876c9ca72c51d9e34d2e5821dba256378950b3dc678d44c0cbfe14a6f599c66fb6843a34c76f7e258959e2c9
Static task: static1

Behavioral task: behavioral1
Sample: 0d6049a23bc24a385997c0514ffc22a9c0c9ba681d1cac2f6cb5013bafeefe4f.lnk
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 0d6049a23bc24a385997c0514ffc22a9c0c9ba681d1cac2f6cb5013bafeefe4f.lnk
Resource: win10v2004-20241007-en
Malware Config

Extracted (both behavioral tasks): https://pub-5b9223b1b9e74a70be22a0816a8b7ead.r2.dev/123.hta
Targets
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (1)
  - Credentials in Registry (1)