Overview

overview

10

Static

static

1

d4ceed54c4...90.hta

windows7-x64

10

d4ceed54c4...90.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4ceed54c4c40a1ab8e3dc310e96ad94aa5bb7e65269cac051d974257fb44e90.hta

  • Size

    205KB

  • Sample

    241101-gj4ntaxhmj

  • MD5

    d50fd6f65b574b2c9ca393cbd44ecf11

  • SHA1

    1f2126c711c25c4104cf34d42316db0cf8b50d89

  • SHA256

    d4ceed54c4c40a1ab8e3dc310e96ad94aa5bb7e65269cac051d974257fb44e90

  • SHA512

    c91cf64044091d7bef8c05e19e28b0c1403960d0944d96e4f68da241b36bfac1689aae6d07356721853a732ee919abe5d1686baf6625f58d5802110e390b20d8

  • SSDEEP

    96:43F97tMfPVMXbfrrFAQGFYIO7QpOMPMKtbMxQ:43F1tiV2VAQTt8NNcQ

Score
10/10
defense_evasiondiscoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      d4ceed54c4c40a1ab8e3dc310e96ad94aa5bb7e65269cac051d974257fb44e90.hta

    • Size

      205KB

    • MD5

      d50fd6f65b574b2c9ca393cbd44ecf11

    • SHA1

      1f2126c711c25c4104cf34d42316db0cf8b50d89

    • SHA256

      d4ceed54c4c40a1ab8e3dc310e96ad94aa5bb7e65269cac051d974257fb44e90

    • SHA512

      c91cf64044091d7bef8c05e19e28b0c1403960d0944d96e4f68da241b36bfac1689aae6d07356721853a732ee919abe5d1686baf6625f58d5802110e390b20d8

    • SSDEEP

      96:43F97tMfPVMXbfrrFAQGFYIO7QpOMPMKtbMxQ:43F1tiV2VAQTt8NNcQ

    Score
    10/10
    defense_evasiondiscoveryexecution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Evasion via Device Credential Deployment

      defense_evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks