General

  • Target

    greatthingswithmegoods.hta

  • Size

    205KB

  • Sample

    241031-y4wbls1pe1

  • MD5

    f319180bb125ab8cc66ecb36901d9a74

  • SHA1

    ae97c7498f9477f177c36693973b88debcc312c5

  • SHA256

    4e11f8c96a579711eff961da1b26ca6613f62559a7292a66933f9bbdadccdf1b

  • SHA512

    ea1c65c08b708b2951b57d319af38af965b7e2753f31ad63b519610f8ad0bf6aae3733d11411ee5ee48f40088b3b2552bd59c67cd7fe44c4c687dbe09734bbab

  • SSDEEP

    48:4FhWsTR/F7gNqXfEK0hh+599qhhmo592USPiJ24K0qcT99DddQLOPePmkqeeNenY:43F97gK04rqR4ac4jfs6SykjViEAIfQ

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    ps1.dropper

      https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper

      https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    Both stages resolve to the same Google Drive file ID (1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur).

Targets

    • Target

      greatthingswithmegoods.hta

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Evasion via Device Credential Deployment

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2
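
The signature list above maps directly onto endpoint telemetry. As an added example (not code from the sandbox report or its vendor), the following Python script turns those signatures into checks over constructed, simplified Sysmon-like events: a hidden-window PowerShell launch (matching any abbreviation of -WindowStyle Hidden that powershell.exe accepts), a blocklisted script host reaching Google Drive, a registry lookup of the country code, and a file whose SHA256 matches the sample. Only the hashes and URL come from the report; the blocklisted-process set, the registry paths used for the geofence check, and the mshta.exe parent-process check are assumptions.

```python
"""Triage endpoint telemetry against the sandbox signatures listed above.

Added example for this report, not sandbox or analyst code. The event shapes
are a simplified, constructed Sysmon-like form; the "blocklisted" process set
and the registry paths checked for the geofence are assumptions, since the
report names neither. Only the SHA256 and the URL are copied from the report.
"""
import re
from urllib.parse import urlsplit

# IOCs copied from the report.
SAMPLE_SHA256 = "4e11f8c96a579711eff961da1b26ca6613f62559a7292a66933f9bbdadccdf1b"
DROPPER_URL = ("https://drive.google.com/uc?export=download"
               "&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur")
ABUSED_HOSTS = {"drive.google.com"}

# Assumption: script hosts and LOLBins a sandbox treats as blocklisted for
# outbound connections. Browsers and updaters are deliberately not in here.
BLOCKLISTED = {"mshta.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
               "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

# Assumption: registry locations that hold the configured country/locale.
GEO_KEYS = (r"control panel\international\geo\nation",
            r"system\currentcontrolset\control\nls\language")


def image_name(path: str) -> str:
    """Lower-cased file name of an image path, accepting either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def powershell_hidden(cmdline: str) -> bool:
    """True when the command line asks for a hidden window.

    powershell.exe accepts any unambiguous prefix of a switch name, so
    "-w hidden", "-win hidden" and "-WindowStyle Hidden" are equivalent;
    the numeric form "-w 1" (ProcessWindowStyle.Hidden == 1) is also seen.
    """
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        if name and "windowstyle".startswith(name):
            val = toks[i + 1].strip("\"'").lower()
            if val == "1" or (val and "hidden".startswith(val)):
                return True
    return False


def triage(events):
    """Return (event index, signature) pairs using the report's signature names."""
    findings = []
    for i, ev in enumerate(events):
        kind, img = ev["type"], image_name(ev.get("image", ""))
        if kind == "process" and img in {"powershell.exe", "pwsh.exe"}:
            if powershell_hidden(ev["cmdline"]):
                findings.append((i, "Command and Scripting Interpreter: PowerShell"))
            if image_name(ev.get("parent_image", "")) == "mshta.exe":
                # Not a report signature: follows from the .hta target type.
                findings.append((i, "HTA script host (mshta.exe) spawned PowerShell"))
        elif kind == "network" and img in BLOCKLISTED:
            findings.append((i, "Blocklisted process makes network request"))
            if urlsplit(ev["url"]).hostname in ABUSED_HOSTS:
                findings.append((i, "Legitimate hosting services abused for malware hosting/C2"))
        elif kind == "registry" and any(k in ev["key"].lower() for k in GEO_KEYS):
            findings.append((i, "Checks computer location settings"))
        elif kind == "file" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.append((i, "SHA256 matches the sandboxed sample"))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed telemetry mirroring the report's signature chain, plus two
# benign events (a browser reaching Google Drive, a plain cmd.exe) that
# must not fire.
EVENTS = [
    {"type": "file", "path": r"C:\Users\u\Downloads\greatthingswithmegoods.hta",
     "sha256": SAMPLE_SHA256},
    {"type": "process", "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'mshta.exe "C:\Users\u\Downloads\greatthingswithmegoods.hta"'},
    {"type": "process", "image": PS, "parent_image": r"C:\Windows\System32\mshta.exe",
     "cmdline": 'powershell.exe -w hidden -nop -ep bypass -c "<stage-2 payload>"'},
    {"type": "registry", "image": PS,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "image": PS, "url": DROPPER_URL},
    {"type": "network", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "url": "https://drive.google.com/drive/my-drive"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for idx, sig in triage(EVENTS):
        print(f"event {idx}: {sig}")
```

The hosting-abuse signature is only raised when the connection comes from a blocklisted script host; a browser reaching drive.google.com is normal traffic and stays silent, which is the distinction that keeps this check usable outside a sandbox.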

MITRE ATT&CK Enterprise v15

Tasks