07b127b0c351547fa8ec4cac6cd5fd68dc8916dc4557ab13909ca95d53478a7d | Triage

Resubmissions

29-08-2024 15:03

240829-se3rhazcnk 3

29-08-2024 14:56

240829-sbfskazarr 10

Sharing

General

Target

pgrtmed
Size

179KB
Sample

240829-sbfskazarr
MD5

84c6cd45b6bdfd46e463698a490717c5
SHA1

62ae8ae8ed629d861a0067ec05541c5b9f55b03a
SHA256

07b127b0c351547fa8ec4cac6cd5fd68dc8916dc4557ab13909ca95d53478a7d
SHA512

dbc7902b037f9b4c0a5c269a05b4d439856c43727098fc61233b6b56ad80e5520c8a7279f5bad8cb6d1a748c61e753f472d4a8e62012d69c9d7cb4522e2f610e
SSDEEP

3072:u88nbom5iYK288nbom5iYKk88nbom5iYKn88nbom5iYK:fyihHyihxyiheyih

Score

10^/10

discovery execution

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://myapt67.s3.amazonaws.com/pgrtmed

Targets

- Target
  
  pgrtmed
- Size
  
  179KB
- MD5
  
  84c6cd45b6bdfd46e463698a490717c5
- SHA1
  
  62ae8ae8ed629d861a0067ec05541c5b9f55b03a
- SHA256
  
  07b127b0c351547fa8ec4cac6cd5fd68dc8916dc4557ab13909ca95d53478a7d
- SHA512
  
  dbc7902b037f9b4c0a5c269a05b4d439856c43727098fc61233b6b56ad80e5520c8a7279f5bad8cb6d1a748c61e753f472d4a8e62012d69c9d7cb4522e2f610e
- SSDEEP
  
  3072:u88nbom5iYK288nbom5iYKk88nbom5iYKn88nbom5iYK:fyihHyihxyiheyih
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution