General
Target: 2.hta
Size: 1KB
Sample: 230204-1z3w1aeg88
MD5: 78b6f14f36098c269c3d03a29eb35bc8
SHA1: afd76bfe0d6ac105730b218152d0a650b6a869b7
SHA256: c815343206eab5b6d29bea2d12f02bf8f446944554f053203afc414acc77e859
SHA512: 57b5a24f6c2610961e5c08d64872290d5b1399a80fc4335e60b88e3d20a679576a108d313b9a710b59e604732e0ea6e91313d65e16a10eb3eda3fe4e503d9712
Static task: static1
Behavioral task: behavioral1
Sample: 2.hta
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2.hta
Resource: win10v2004-20221111-en
Malware Config
Extracted: http://helthbrotthersg.com/view.png
Extracted: https://transfer.sh/get/vpiHmi/invoice.pdf
Extracted: icedid
  3954321778
  ehonlionetodo.com
Targets
Target: 2.hta
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Loads dropped DLL
- Accesses Microsoft Outlook profiles