e2eecaabb731f95b6b0250eb5e1b0324ad5844cdc43c1b8497a6972061abf775 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

850751de7b8e158d86469d22ad1c3101
Size

1KB
Sample

240410-phyp6sfd33
MD5

850751de7b8e158d86469d22ad1c3101
SHA1

040eb591500caa4cbaa0c57b0059c30166c1e5c0
SHA256

e2eecaabb731f95b6b0250eb5e1b0324ad5844cdc43c1b8497a6972061abf775
SHA512

f3528062fdec7aa7fb6c4c790de2bcbd82145c0f850e5483f5c03ead339a74187db2d0198898ba334938b231c789d6f03a4645dc7ee4626db8eab68bdd4c10ba

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://bit.ly/38EZIGT

Targets

- Target
  
  850751de7b8e158d86469d22ad1c3101
- Size
  
  1KB
- MD5
  
  850751de7b8e158d86469d22ad1c3101
- SHA1
  
  040eb591500caa4cbaa0c57b0059c30166c1e5c0
- SHA256
  
  e2eecaabb731f95b6b0250eb5e1b0324ad5844cdc43c1b8497a6972061abf775
- SHA512
  
  f3528062fdec7aa7fb6c4c790de2bcbd82145c0f850e5483f5c03ead339a74187db2d0198898ba334938b231c789d6f03a4645dc7ee4626db8eab68bdd4c10ba
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2