General
-
Target
80ed859d-c469-47f1-9988-81e86f19bd80.hta
-
Size
1KB
-
Sample
230206-2evwbsgb84
-
MD5
6c443cfc616d7be31e5acde5dd448270
-
SHA1
0ea1549ecda0b8b3dd5047f91edd86c976aaca0d
-
SHA256
380487985ceac130b4c40b143de11ecc73aab961ade2b775975ae6b3518b9ee2
-
SHA512
5a1aa60cde4fb89e3b354c8cbba582587d173fb9e6379e26b89e49cc0fd96ce188c0f32e69b09cd5184d973f710c109baf2fa5f2248c00e4e3da560b6bce8e4a
Static task
static1
Behavioral task
behavioral1
Sample
80ed859d-c469-47f1-9988-81e86f19bd80.hta
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
80ed859d-c469-47f1-9988-81e86f19bd80.hta
Resource
win10v2004-20220901-en
Malware Config
Extracted
http://bestsdealofworld.com/twain.png
Extracted
https://transfer.sh/get/vpiHmi/invoice.pdf
Extracted
icedid
3954321778
ehonlionetodo.com
Targets
-
Target
80ed859d-c469-47f1-9988-81e86f19bd80.hta
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-