General
Target: mshta.hta
Size: 114KB
Sample: 230328-xsmdwscf83
MD5: cc504d2b599df93f30cf9fe27cb00ce2
SHA1: 18339e9bf67bbef2815cc0ab99850c16685cbdbd
SHA256: a774163cffc40309ec4399c67a0c24a6c3194695c881429fb62c6019f8b7f66f
SHA512: 256a991e62fe3362a4ec6e15982faa036f6892e9babceef49c206198ff96c19a02411149657439c380427595b8693e664397626622515e5a6884acb18de09141
SSDEEP: 1536:1xt1AMfJfwOaEVay8UtHcUp3MQRBAGdJd5RoSYceoK7LC4btIwTv67DJw7wRemyW:1xt1TRz84AGdJdjcF7E
Static task: static1
Behavioral task: behavioral1
Sample: mshta.hta
Resource: win7-20230220-en
Malware Config
Extracted
aurora
212.87.204.93:8081
Targets
-
-
Target
mshta.hta
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-