General

  • Target

    HHYGASDBBBX.hta

  • Size

    1.2MB

  • Sample

    230724-qarsbsde69

  • MD5

    2aa4741c22f4f7e9f7fb2318e974649c

  • SHA1

    f65ab7270f297c572a30650c6941dea145cd83f1

  • SHA256

    069ac184f80baa3ced862d6704254d57990699bda965a9bcc2a89b2d8b61c123

  • SHA512

    bca8f8a59e00dc69619bb36bc98d23935cbd7a320724bb90f64a799e6eb4654d7f1ca4ddec5276b233b9319b79b2dbffd8d95a3d28be63e0d0a05d58e74a1cd6

  • SSDEEP

    3072:XMyG1hNUveUzpkVDbffRhyTcVWRda4Ynq/gQ:XMJvzU6xffrMckdabq/gQ

Score
10/10

Targets

    • Target

      HHYGASDBBBX.hta

    • Score

      10/10

    • NetSupport

      NetSupport is a remote access tool sold as legitimate system administration software.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
