General
- Target: bestintercomthingswhichgivebestthingstogetmeback.hta
- Size: 131KB
- Sample: 241029-ptm3tatrdw
- MD5: 6d739d6533520e553037e609fe0530d9
- SHA1: 4fd1330dabaa0a32e7ea25ab462ea19acf14cb98
- SHA256: d1f9d23d0edf09bfafba1ecc9a34783a4bb3761f2eceab302bdb368a6e2ea144
- SHA512: b604ced91e154fa98cded0aeb124ef42a4bd2206cb4e0ed9d81b1fcd9f43031e24c53ac2ccb10598493ad8bbb4d0e3441d71b2cb114db06955a0024b69c4e2b8
- SSDEEP: 96:4vCt7Q3lBAWVffN1klyKByKcwfz56KeqQ:4vCF2Vfcy2yUQ
Static task: static1
Behavioral task: behavioral1
- Sample: bestintercomthingswhichgivebestthingstogetmeback.hta
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: bestintercomthingswhichgivebestthingstogetmeback.hta
- Resource: win10v2004-20241007-en
Malware Config
Extracted URL: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
Targets
- Target: bestintercomthingswhichgivebestthingstogetmeback.hta
- Size: 131KB
Score: 10/10
- Blocklisted process makes network request
- Evasion via Device Credential Deployment
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2