32b2a9014ff68b0458e22e4c5823ec5f9bfd22d098281d0e5c245260db55ac85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ccb5ab36adb3049199871c8ea2ac7c09.hta
Size

102KB
Sample

240803-h68fyswfqn
MD5

ccb5ab36adb3049199871c8ea2ac7c09
SHA1

3fa4c77531043b8abe2c644d72e91809a771fb09
SHA256

32b2a9014ff68b0458e22e4c5823ec5f9bfd22d098281d0e5c245260db55ac85
SHA512

d28a2b40efba758ac1eeb0555ae57db8eac57a7b6cf358ffc4bd4c802b1c7fadd4a8febd882d7b28eea1c6f301a5447905a150128df3d9a84382bc1e57bb4de0
SSDEEP

768:tZ6A3yXNA0AGAckW5GBm5JlIDJ4gKMB7s+QiXAZO:tmbuxn

Score

8^/10

defense_evasion discovery execution

Malware Config

Targets

- Target
  
  ccb5ab36adb3049199871c8ea2ac7c09.hta
- Size
  
  102KB
- MD5
  
  ccb5ab36adb3049199871c8ea2ac7c09
- SHA1
  
  3fa4c77531043b8abe2c644d72e91809a771fb09
- SHA256
  
  32b2a9014ff68b0458e22e4c5823ec5f9bfd22d098281d0e5c245260db55ac85
- SHA512
  
  d28a2b40efba758ac1eeb0555ae57db8eac57a7b6cf358ffc4bd4c802b1c7fadd4a8febd882d7b28eea1c6f301a5447905a150128df3d9a84382bc1e57bb4de0
- SSDEEP
  
  768:tZ6A3yXNA0AGAckW5GBm5JlIDJ4gKMB7s+QiXAZO:tmbuxn
Score

8^/10

defense_evasion discovery execution
- Blocklisted process makes network request
- Evasion via Device Credential Deployment
  defense_evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

behavioral2

defense_evasiondiscoveryexecution