1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447
Size

1KB
Sample

240410-lvdzrabc79
MD5

fa8009ec4b46e0469fb42a58032fcdf7
SHA1

714cd57e5a9ee053774d322ff936d906c8e4172e
SHA256

1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447
SHA512

a0a1a1fe4df5c88ae7d66b82bdd1f5e1f1964660b516b8c021bd07fa5eb7eb0bf89ec82ec20164753ce2164577de1e4f08894acfa98c0154aae1dd7377bc69b6

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://a0706248.xsph.ru/reject/headlong.txt

Targets

- Target
  
  1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447
- Size
  
  1KB
- MD5
  
  fa8009ec4b46e0469fb42a58032fcdf7
- SHA1
  
  714cd57e5a9ee053774d322ff936d906c8e4172e
- SHA256
  
  1cb2d299508739ae85d655efd6470c7402327d799eb4b69974e2efdb9226e447
- SHA512
  
  a0a1a1fe4df5c88ae7d66b82bdd1f5e1f1964660b516b8c021bd07fa5eb7eb0bf89ec82ec20164753ce2164577de1e4f08894acfa98c0154aae1dd7377bc69b6
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2