b1b74b26bc36c5feb537a4331000b021f676b25c25e022a3b839e0da4c528160 | Triage

Sharing

General

Target

HYWJCXOPWTAZEKLLQJNWOYTQKEZVTKCTL.HTA
Size

127KB
Sample

220119-vtepbsbhb4
MD5

42b4de0ca5875d7da480c73c7f4ffc71
SHA1

76840ba8cc6e55d74f09a88deb2de77861ef3405
SHA256

b1b74b26bc36c5feb537a4331000b021f676b25c25e022a3b839e0da4c528160
SHA512

571f3aec56f235b98c01732cfbe0d0fd641c12c53b720b06c324911aa0941796cae217fc3d4327bd3f77df49449f4e1d3ade00a98f025f4304dd12a4013eb81d

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://3.141.31.43/1/Serverkopl.txt

Targets

- Target
  
  HYWJCXOPWTAZEKLLQJNWOYTQKEZVTKCTL.HTA
- Size
  
  127KB
- MD5
  
  42b4de0ca5875d7da480c73c7f4ffc71
- SHA1
  
  76840ba8cc6e55d74f09a88deb2de77861ef3405
- SHA256
  
  b1b74b26bc36c5feb537a4331000b021f676b25c25e022a3b839e0da4c528160
- SHA512
  
  571f3aec56f235b98c01732cfbe0d0fd641c12c53b720b06c324911aa0941796cae217fc3d4327bd3f77df49449f4e1d3ade00a98f025f4304dd12a4013eb81d
Score

10^/10
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1