79fcf442e09508c975fed47442355cf7af5ec310343f0f7050328f6e5d563262 | Triage

Sharing

General

Target

79fcf442e09508c975fed47442355cf7af5ec310343f0f7050328f6e5d563262.exe
Size

10KB
Sample

221204-m4fqdacd46
MD5

1ea89a5498e3186ded51fae0918bc5de
SHA1

1a0262c0bc94fcd4acf7d630d4751e3b0811862c
SHA256

79fcf442e09508c975fed47442355cf7af5ec310343f0f7050328f6e5d563262
SHA512

297daa54064a7f418de6670a7ccb7c586ca3cda29b06bb76dac88cfd57c671e9fea24f616431298a5c2537313fb15f0ad5eca4de3aa657dcf963ce59a4b1cdce
SSDEEP

192:pMdoBVS5EEboY3zNIQgHVSrmSGmX+jBaRCTfbT:bS5EEb7jNIQgHVSrmgqBmofb

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://193.149.187.161/obfuscated.vbs

Targets

- Target
  
  79fcf442e09508c975fed47442355cf7af5ec310343f0f7050328f6e5d563262.exe
- Size
  
  10KB
- MD5
  
  1ea89a5498e3186ded51fae0918bc5de
- SHA1
  
  1a0262c0bc94fcd4acf7d630d4751e3b0811862c
- SHA256
  
  79fcf442e09508c975fed47442355cf7af5ec310343f0f7050328f6e5d563262
- SHA512
  
  297daa54064a7f418de6670a7ccb7c586ca3cda29b06bb76dac88cfd57c671e9fea24f616431298a5c2537313fb15f0ad5eca4de3aa657dcf963ce59a4b1cdce
- SSDEEP
  
  192:pMdoBVS5EEboY3zNIQgHVSrmSGmX+jBaRCTfbT:bS5EEb7jNIQgHVSrmgqBmofb
Score

10^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2