f5b0be00fddef543a5edd3f421a33fa9508ad767e56730deaab5e2005e991336 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5b0be00fddef543a5edd3f42.exe
Size

2KB
Sample

230701-jrpkzahc2x
MD5

65ed0c04a2f2afe9e241ecdc9559c65f
SHA1

ddf09f9a778477b013fecf2c28825323de56ae7d
SHA256

f5b0be00fddef543a5edd3f421a33fa9508ad767e56730deaab5e2005e991336
SHA512

9f7b4213b0306efcec8e5ab1d53ebd186a7dc67ae11421a4724b90e04c7ad84a66f8a2ca9035f349f9a648671b04d2b7dd534ff582546c714f53ffe100c44d87

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://arm.texchi.xyz/OctpfpplSmd/kB7XqC07xt/pvsON52yWS/CLpIorS_6Y/aXbgXY%3D

Extracted

Language

hta

Source

URLs

hta.dropper

https://arm.texchi.xyz/OctpfpplSmd/kB7XqC07xt/pvsON52yWS/CLpIorS_6Y/aXbgXY%3D

Targets

- Target
  
  f5b0be00fddef543a5edd3f42.exe
- Size
  
  2KB
- MD5
  
  65ed0c04a2f2afe9e241ecdc9559c65f
- SHA1
  
  ddf09f9a778477b013fecf2c28825323de56ae7d
- SHA256
  
  f5b0be00fddef543a5edd3f421a33fa9508ad767e56730deaab5e2005e991336
- SHA512
  
  9f7b4213b0306efcec8e5ab1d53ebd186a7dc67ae11421a4724b90e04c7ad84a66f8a2ca9035f349f9a648671b04d2b7dd534ff582546c714f53ffe100c44d87
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2