Extracted

• • Target

    seethebestthingswithgreatthingshrewithme.hta

  • Size

    205KB

  • MD5

    d50fd6f65b574b2c9ca393cbd44ecf11

  • SHA1

    1f2126c711c25c4104cf34d42316db0cf8b50d89

  • SHA256

    d4ceed54c4c40a1ab8e3dc310e96ad94aa5bb7e65269cac051d974257fb44e90

  • SHA512

    c91cf64044091d7bef8c05e19e28b0c1403960d0944d96e4f68da241b36bfac1689aae6d07356721853a732ee919abe5d1686baf6625f58d5802110e390b20d8

  • SSDEEP

    96:43F97tMfPVMXbfrrFAQGFYIO7QpOMPMKtbMxQ:43F1tiV2VAQTt8NNcQ

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2