General
Target: 49c17404c6314b837c9f3b49aba9bf7e.hta
Size: 144KB
Sample: 220402-ebapnaecdp
MD5: 49c17404c6314b837c9f3b49aba9bf7e
SHA1: dce337aa57cdf134e0c7a7101353777346e964e2
SHA256: 57d84d42d12c04652cf87f1b1255e0f6ada7674751200ba1d2298941deb5cd44
SHA512: 8018e8ad4f98cbea91218fd378c3f0a90ab172f6176a6d17016f2d23c1783250fa1467ee2f2023036dd8826816586d90f920f351929ca93d3e710feaf19cb268
Static task: static1
Behavioral task: behavioral1
Sample: 49c17404c6314b837c9f3b49aba9bf7e.ps1
Resource: win7-20220331-en
Behavioral task: behavioral2
Sample: 49c17404c6314b837c9f3b49aba9bf7e.ps1
Resource: win10v2004-20220331-en
Malware Config
Extracted
revengerat
MR_ahmed
45.147.230.231:2222
c416f58db13c4
Targets
Target: 49c17404c6314b837c9f3b49aba9bf7e.hta
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Drops file in System32 directory
Suspicious use of SetThreadContext