General

  • Target

    c1ed3fb7bacbb5a6446632d8aa2eb73887c2de3290ad7be306a2b24318e2efdc.hta

  • Size

    130KB

  • Sample

    241024-clwc1asblk

  • MD5

    2832f20ca7211fcea0b701b836f25da0

  • SHA1

    87f547839e8aa850bacbb14605884630254b2495

  • SHA256

    c1ed3fb7bacbb5a6446632d8aa2eb73887c2de3290ad7be306a2b24318e2efdc

  • SHA512

    7aa21860d2de54ae4de8e4561cfed4ce1c99b42fc623245c06a8d3828cdadf718f24ec765f27b1925c7bb2bae96fb4da4b9529dd0a2c14d63239dd62b966d10b

  • SSDEEP

    96:Eam73RAu/cdJEAbAu/czJEAabU7f/8h0fAu/chAu/c+nxJEAyTAu/cb7T:Ea23PcbFcVXndcfcMytcnT

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://drive.google.com/uc?export=download&id=

Targets

    • Blocklisted process makes network request

    • Evasion via Device Credential Deployment

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15