09ef17dc4284a8d1a8b937354bd8137aa9c0d98bffb897bd891ccff854484e43 | Triage

Resubmissions

18/04/2025, 17:49

250418-wd4tystls6 8

09/04/2025, 06:42

250409-hgf1eastav 10

Sharing

General

Target

chase_apr_2025.lnk
Size

1KB
Sample

250418-wd4tystls6
MD5

36a9f6a6fe333f902077a73d990f0a4e
SHA1

906818153a8ff4bf10cfb8615ff6b9021140623c
SHA256

09ef17dc4284a8d1a8b937354bd8137aa9c0d98bffb897bd891ccff854484e43
SHA512

cfc907e28c5069edc9e837b53f13377fbc015e1baba7401d1f3adb0bbdefa1dc95b830da58ef3b84e07ef8e8558d0b9b593e3d5c4c0d258cb50f0c8c73d5f5c7

Score

8^/10

execution

Malware Config

Targets

- Target
  
  chase_apr_2025.lnk
- Size
  
  1KB
- MD5
  
  36a9f6a6fe333f902077a73d990f0a4e
- SHA1
  
  906818153a8ff4bf10cfb8615ff6b9021140623c
- SHA256
  
  09ef17dc4284a8d1a8b937354bd8137aa9c0d98bffb897bd891ccff854484e43
- SHA512
  
  cfc907e28c5069edc9e837b53f13377fbc015e1baba7401d1f3adb0bbdefa1dc95b830da58ef3b84e07ef8e8558d0b9b593e3d5c4c0d258cb50f0c8c73d5f5c7
Score

8^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2