General

  • Target

    ?i=1ywmgvblf

  • Size

    71KB

  • Sample

    220421-x4py6accel

  • MD5

    21fc12ef8a4a4ba5b38a303fa7e70c08

  • SHA1

    5700a2231371b289eae19ce62e1a73457ee582c4

  • SHA256

    6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5

  • SHA512

    8200f14c0a8023bb74b39796f7859258ef67a21a5f81704f82315695409795fe724ac8ca81513a95d50d169c824532e43865846ce42b0e541366309ace849654

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://185.7.214.7/fer/fe2.html

Targets

    • Target

      ?i=1ywmgvblf

    • Size

      71KB

    • MD5

      21fc12ef8a4a4ba5b38a303fa7e70c08

    • SHA1

      5700a2231371b289eae19ce62e1a73457ee582c4

    • SHA256

      6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5

    • SHA512

      8200f14c0a8023bb74b39796f7859258ef67a21a5f81704f82315695409795fe724ac8ca81513a95d50d169c824532e43865846ce42b0e541366309ace849654

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks