06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a | Triage

Sharing

General

Target

06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a_JC.bat
Size

161KB
Sample

231012-r9wq1agh63
MD5

6c85da810cde457326e00361cdccf3a6
SHA1

4240ed33ca1e6dd1bfbca78f75e297ff63a8012d
SHA256

06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a
SHA512

6e9706e9c774a1a89e9aa0ffe1abaa1261dd8823e4652f846fe89132190e67a424d2be9a31f1bbb19c88e1a1a3102d8a5ffeb79b624a63306661258e23454789
SSDEEP

768:AaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaY:5

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://documentos-cert.com/90.htm

Targets

- Target
  
  06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a_JC.bat
- Size
  
  161KB
- MD5
  
  6c85da810cde457326e00361cdccf3a6
- SHA1
  
  4240ed33ca1e6dd1bfbca78f75e297ff63a8012d
- SHA256
  
  06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a
- SHA512
  
  6e9706e9c774a1a89e9aa0ffe1abaa1261dd8823e4652f846fe89132190e67a424d2be9a31f1bbb19c88e1a1a3102d8a5ffeb79b624a63306661258e23454789
- SSDEEP
  
  768:AaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaY:5
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2