General

  • Target

    HysdbshdFGy.hta

  • Size

    1.2MB

  • Sample

    230719-sa6mlaha44

  • MD5

    70407316ddc26070dfac13bb1e9eafbe

  • SHA1

    d874b9959920a0666e25ad50a4a16b1f3549f752

  • SHA256

    b983a17b372dd6db0a9815bb6632179702db622e752f3f69a9ab34b2ef76f995

  • SHA512

    28e9f8e1243a52418f01e66aee19a6388c59c6b910703b7326ac4933b97ad43e8b2691e57f7f5796fa3dc02ba3b5c8e3e49a1d0bf32271569fc2042473b02826

  • SSDEEP

    6144:7FrYbbk9QBeHIAjz9meEId/Rc/44A+HoTpTW:7Fr6i9y

Score
10/10

Targets

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
