f9deaed4ae870eb29a5ded42c8175596e5ce0e8b04ef1fc076af9d72d8c47648 | Triage

Sharing

General

Target

f9deaed4ae870eb29a5ded42c8175596e5ce0e8b04ef1fc076af9d72d8c47648
Size

2KB
Sample

221121-twbvsahc32
MD5

e46f6d98041a08893b5fa05315f8af3d
SHA1

9cedabf90dd2aca17a0b5b8dbcfb97440ab3f98b
SHA256

f9deaed4ae870eb29a5ded42c8175596e5ce0e8b04ef1fc076af9d72d8c47648
SHA512

2fddf5c0edd32c83cbbe952d3df51a28f82ecae7a27a5222521f7d78f2ece336dc85827630e5b3c0187d46a2fce64fa4892c30b3a983955d470cd179e928266a

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://workdayresume.000webhostapp.com/0a

Targets

- Target
  
  Resume final Updated.hta
- Size
  
  5KB
- MD5
  
  2808608a28c6f7c966019bba420cd93f
- SHA1
  
  d16f39930096d5d214a0f84fd3e8ad62f444edd4
- SHA256
  
  3cf2fe7b32f2aca65f1f9652675456bb8426100e819a55c97260f1465be38bf2
- SHA512
  
  bab8b5746067a7241968b682109bb4df7614f0223f8df99e4de8d003c61379a5e3085bdc9bbdf7c6fec895d230b47f31634326366c66b44b3062c4f8b7591fbb
- SSDEEP
  
  96:MFLL6bGCGe/AoiqRA54PmYJyuRhLqCcEUfTrg4txW:MFcGCfAoiZ1OypCITrFxW
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2