a06aa1b7dae18601bae1fe1d840fcd0cfd8198d7ae12e29214eccc3bcd082a1c | Triage

Sharing

General

Target

filepdf.pdf.lnk.download.lnk
Size

1KB
Sample

241122-qhsplaxldp
MD5

25840bfeb06a9efbd1494278daf47d51
SHA1

30379cfd8c42b5f9e4fc8bf5515fd7aca444fe96
SHA256

a06aa1b7dae18601bae1fe1d840fcd0cfd8198d7ae12e29214eccc3bcd082a1c
SHA512

391c11cfc85c0245c540e03457ef5bca90dd68d0e3c5ca93374c817a93365b04213cf2fea17243e9b9f2c393b88d4e9c34d4242b1b511acf1d454a9ef8d060b5

Score

10^/10

execution

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://ukr-netdigitalhub.pro/x64dbg2

Extracted

Language

hta

Source

URLs

hta.dropper

http://ukr-netdigitalhub.pro/x64dbg2

Targets

- Target
  
  filepdf.pdf.lnk.download.lnk
- Size
  
  1KB
- MD5
  
  25840bfeb06a9efbd1494278daf47d51
- SHA1
  
  30379cfd8c42b5f9e4fc8bf5515fd7aca444fe96
- SHA256
  
  a06aa1b7dae18601bae1fe1d840fcd0cfd8198d7ae12e29214eccc3bcd082a1c
- SHA512
  
  391c11cfc85c0245c540e03457ef5bca90dd68d0e3c5ca93374c817a93365b04213cf2fea17243e9b9f2c393b88d4e9c34d4242b1b511acf1d454a9ef8d060b5
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2