d287388e5ff978bf6f8af477460a9b76a74fdc33535e392b70e58176fc9ad805

General

Target: d287388e5ff978bf6f8af477460a9b76a74fdc33535e392b70e58176fc9ad805
Size: 1MB
Sample: 220520-ratglafcb6
Score: 10/10
MD5: 365d95c0d0659a1081488460eadf8159
SHA1: 63a3f87be4f037585f576599823557e5444084a4
SHA256: d287388e5ff978bf6f8af477460a9b76a74fdc33535e392b70e58176fc9ad805
SHA512: 41c49560683ee1611eb1143ca6babe650e336c33f7d58b67cb34e17e0450a9ef6b212fc318bc3601942e49acc3ba65aba86278bb6a60ac0764b9488036a4ca4a

Malware Config

Extracted

Language: hta
Source: hta.dropper
URLs: https://bit.ly/3eIxLAZ


Signatures

  • Blocklisted process makes network request

  • Checks computer location settings

    Description: Looks up country code configured in the registry, likely geofence.

    TTPs: Query Registry; System Information Discovery

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1: 4/10
  • behavioral1: 10/10
  • behavioral2: 10/10