General

  • Target

    manual.hta

  • Size

    1.2MB

  • Sample

    231107-sgykkacf28

  • MD5

    c00e2ffd04f058f50e769871f12b2252

  • SHA1

    4d14e39935eaea4bbd45ea9135c4734931f57e5c

  • SHA256

    b54ced8c1f47dbc0f7344454dd4f0a8edb7baaf0ac80e1b001b4a5b40d52bd4e

  • SHA512

    0db57fe1589a7c8db1534d58bf2cad0b106635d094677685973929187646f70fc289ae62a216914ce23691b08d4d1151f934d4b56106e6fb2ec169c9d793e0c2

  • SSDEEP

    6144:QvQfB4eQpCq/miQtzAf8GdU3bfXZs+CrJemx:Qheux

Score
10/10

Targets

    • Target

      manual.hta

    • UAC bypass

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Drops file in System32 directory
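The four behaviours listed above are the report's signatures, not its detection logic. As an added example (not code from the report, the sandbox, or the sample), the script below runs one rule per signature over a constructed, sandbox-style event trace and returns which signatures fire. The trace, its schema (`image`, `event`, `target`), the registry value used for the geofence rule (`HKCU\Control Panel\International\Geo\Nation`, the standard GeoID location), the network-blocklist, the trusted-writer list and the fodhelper/ms-settings pattern used for the UAC-bypass rule are all assumptions; the report does not say which key, which blocklist or which bypass technique manual.hta uses.

```python
"""Triage helper: which of the reported signatures fire on an event trace.

Added example, not part of the original report.  The event records, the
schema and the rule details below are assumptions, not data from the
manual.hta sample.
"""
import re

# Constructed trace in an assumed schema (process image, event kind, target),
# written to resemble mshta.exe running a malicious HTA.  Not real activity.
SAMPLE_TRACE = [
    {"image": "mshta.exe", "event": "process_create",
     "target": r"C:\Windows\System32\mshta.exe C:\Users\user\Downloads\manual.hta"},
    {"image": "mshta.exe", "event": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"image": "mshta.exe", "event": "file_write",
     "target": r"C:\Windows\System32\update.vbs"},
    {"image": "mshta.exe", "event": "registry_write",
     "target": r"HKCU\Software\Classes\ms-settings\shell\open\command"},
    {"image": "mshta.exe", "event": "process_create",
     "target": r"C:\Windows\System32\fodhelper.exe"},
    {"image": "mshta.exe", "event": "network_connect", "target": "203.0.113.10:443"},
    {"image": "chrome.exe", "event": "network_connect", "target": "198.51.100.7:443"},
    {"image": "TrustedInstaller.exe", "event": "file_write",
     "target": r"C:\Windows\System32\legit.dll"},
]

# LOLBins that rarely have a legitimate reason to reach the network from a
# user session.  Assumed list; the report does not publish its blocklist.
BLOCKLISTED_NET_PROCESSES = {"mshta.exe", "wscript.exe", "cscript.exe",
                             "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# Processes allowed to write under System32 without raising the drop rule.
# Assumed allowlist.
TRUSTED_SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
# Standard location of the machine's configured GeoID; assumed to be the
# "country code configured in the registry" the report refers to.
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.IGNORECASE)
# One well-documented UAC bypass: hijack the ms-settings handler that the
# auto-elevating fodhelper.exe launches.  Assumed indicator; the report does
# not say which bypass the sample uses.
MS_SETTINGS_HANDLER = re.compile(
    r"^hkcu\\software\\classes\\ms-settings\\shell\\open\\command$", re.IGNORECASE)


def run_rules(trace):
    """Return {signature: [indices of matching events]} for the trace."""
    hits = {"uac_bypass": [], "blocklisted_network": [],
            "geofence_check": [], "system32_drop": []}
    handler_hijacked = set()  # images that rewrote the ms-settings handler
    for i, ev in enumerate(trace):
        kind, image, target = ev["event"], ev["image"].lower(), ev["target"]
        if kind == "registry_write" and MS_SETTINGS_HANDLER.match(target):
            handler_hijacked.add(image)  # stage 1 of the bypass, not yet a hit
        elif (kind == "process_create" and image in handler_hijacked
              and target.lower().endswith("\\fodhelper.exe")):
            hits["uac_bypass"].append(i)  # stage 2: hijack followed by launch
        elif kind == "network_connect" and image in BLOCKLISTED_NET_PROCESSES:
            hits["blocklisted_network"].append(i)
        elif kind == "registry_read" and GEO_NATION.search(target):
            hits["geofence_check"].append(i)
        elif (kind == "file_write" and SYSTEM32.match(target)
              and image not in TRUSTED_SYSTEM32_WRITERS):
            hits["system32_drop"].append(i)
    return hits


def fired(hits):
    """Sorted names of the signatures that matched at least one event."""
    return sorted(name for name, idx in hits.items() if idx)


if __name__ == "__main__":
    results = run_rules(SAMPLE_TRACE)
    for name in fired(results):
        print(f"{name}: events {results[name]}")
```

The UAC-bypass rule is deliberately order-sensitive: a handler rewrite that is not followed by an auto-elevating launch from the same image is staged but not reported, which keeps a lone registry edit from scoring as a full bypass. Extending the other rules to real telemetry mostly means mapping your source's fields onto the `image`/`event`/`target` triple; note that Sysmon does not record registry reads, so the geofence rule needs an API-level trace or a SACL-based object-access audit rather than Sysmon alone.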

MITRE ATT&CK Enterprise v15