af2d07066d8f7f3e364d7d832f143ee9d0c9c7a9e91842df2a67c034137bde41 | Triage

Sharing

General

Target

a49746922bdba7a0885c55944ab705a5+af2d07066d8f7f3e364d7d832f143ee9d0c9c7a9e91842df2a67c034137bde41
Size

1KB
Sample

240111-jfwvxacfa9
MD5

a49746922bdba7a0885c55944ab705a5
SHA1

6ec7db6e71ebfb091b7266b8ce2012ef3d2d714f
SHA256

af2d07066d8f7f3e364d7d832f143ee9d0c9c7a9e91842df2a67c034137bde41
SHA512

e17311145ca62f49e0ac1ecc34810a65f1b91cc57c45fe0d2f72494e8106ede54d258a2fd8c16f771eada18574854da8654b533dca7818183f154739849ecbf7

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://24help.ooguy.com/1/1.hta

Targets

- Target
  
  a49746922bdba7a0885c55944ab705a5+af2d07066d8f7f3e364d7d832f143ee9d0c9c7a9e91842df2a67c034137bde41
- Size
  
  1KB
- MD5
  
  a49746922bdba7a0885c55944ab705a5
- SHA1
  
  6ec7db6e71ebfb091b7266b8ce2012ef3d2d714f
- SHA256
  
  af2d07066d8f7f3e364d7d832f143ee9d0c9c7a9e91842df2a67c034137bde41
- SHA512
  
  e17311145ca62f49e0ac1ecc34810a65f1b91cc57c45fe0d2f72494e8106ede54d258a2fd8c16f771eada18574854da8654b533dca7818183f154739849ecbf7
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2