General

  • Target

    ?i=1friqmykq

  • Size

    110KB

  • Sample

    220419-ez24tacack

  • MD5

    a3c1eee45b2ee65f5f0fda091c3b9bfe

  • SHA1

    1bd37dfba56924ab73ce9f6da17a946715b6a76a

  • SHA256

    e95a1d9f8651d516e59ddffadc5fd94a499b888077d6cc60ee5cc1b95c1f91e7

  • SHA512

    ec072cf278b55e4b5e283ebb49aacf924cda7e83a2004c84264a4b1d47b3fb280b6313740fd77df2ac59f007a8f4535f5219a010b1d02a7dd1718f39eca3359e

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://46.105.81.76/c.html

Targets

    • Target

      ?i=1friqmykq

    • Size

      110KB

    • MD5

      a3c1eee45b2ee65f5f0fda091c3b9bfe

    • SHA1

      1bd37dfba56924ab73ce9f6da17a946715b6a76a

    • SHA256

      e95a1d9f8651d516e59ddffadc5fd94a499b888077d6cc60ee5cc1b95c1f91e7

    • SHA512

      ec072cf278b55e4b5e283ebb49aacf924cda7e83a2004c84264a4b1d47b3fb280b6313740fd77df2ac59f007a8f4535f5219a010b1d02a7dd1718f39eca3359e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks