ee85d1f8fa2c3d5c927bf3b547e8c4849e02185cc264a64d34ae8e896fc28616 | Triage

Sharing

General

Target

Decrd.txt
Size

96KB
Sample

240126-sf3g5agce3
MD5

6468ec2c43b826c943bbb0c79e219d77
SHA1

570d3d519a7e80a85bb91b1ba3f617205ef6e403
SHA256

ee85d1f8fa2c3d5c927bf3b547e8c4849e02185cc264a64d34ae8e896fc28616
SHA512

58418b135e330499149098c678e89a9ce45ddc6c344b5f92f69729f93773b050c8de08f9afd2e6a33e5b478374d43a15d531da4d07df01f1bf6445a2ed4273d8
SSDEEP

768:uAgOg2NONIp2NONIAgOg2NONI+2NONIAgOg2NONIRyqD732NONW2NONxONIgOv24:KyE+nKT72SVe

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.92.248.152/z

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://91.92.248.152/z/a.png

Targets

- Target
  
  Decrd.txt
- Size
  
  96KB
- MD5
  
  6468ec2c43b826c943bbb0c79e219d77
- SHA1
  
  570d3d519a7e80a85bb91b1ba3f617205ef6e403
- SHA256
  
  ee85d1f8fa2c3d5c927bf3b547e8c4849e02185cc264a64d34ae8e896fc28616
- SHA512
  
  58418b135e330499149098c678e89a9ce45ddc6c344b5f92f69729f93773b050c8de08f9afd2e6a33e5b478374d43a15d531da4d07df01f1bf6445a2ed4273d8
- SSDEEP
  
  768:uAgOg2NONIp2NONIAgOg2NONI+2NONIAgOg2NONIRyqD732NONW2NONxONIgOv24:KyE+nKT72SVe
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2