General
Target: HYWJCXOPWTAZEKLLQJNWOYTQKEZVTKCTL.HTA
Size: 127KB
Sample: 220119-vtepbsbhb4
MD5: 42b4de0ca5875d7da480c73c7f4ffc71
SHA1: 76840ba8cc6e55d74f09a88deb2de77861ef3405
SHA256: b1b74b26bc36c5feb537a4331000b021f676b25c25e022a3b839e0da4c528160
SHA512: 571f3aec56f235b98c01732cfbe0d0fd641c12c53b720b06c324911aa0941796cae217fc3d4327bd3f77df49449f4e1d3ade00a98f025f4304dd12a4013eb81d
Static task: static1
Behavioral task: behavioral1
Sample: HYWJCXOPWTAZEKLLQJNWOYTQKEZVTKCTL.HTA
Resource: win10-en-20211208
Malware Config
Extracted
http://3.141.31.43/1/Serverkopl.txt
Targets
Target: HYWJCXOPWTAZEKLLQJNWOYTQKEZVTKCTL.HTA
Score: 10/10
Blocklisted process makes network request
Suspicious use of SetThreadContext