Resubmissions

04-11-2024 21:39

241104-1h113sybpr 1

03-11-2024 18:57

241103-xl2v1azrfv 10

General

  • Target

    add.bat

  • Size

    4KB

  • Sample

    241103-xl2v1azrfv

  • MD5

    6d9e5a870f44aef0be101adc8adb7e1c

  • SHA1

    40389826c8a88b10ba6f8b030d885232c983974a

  • SHA256

    c8badf0124a182162b24435e0d435bee500017573cb5e75ef6cc5f418f91cf4b

  • SHA512

    f5e4d24941f7aca689961ec49ae93be8027c7af48b4c033f8a84d1706221b99b4211217bdfc26433d5a9e2b0fc856ba47b63caea9888ceb4726cce876604d9da

Malware Config

Extracted

Language: hta
Source: hta.dropper
URLs:
    https://dovip.win/verify/recaptcha-verify

Extracted

Language: hta
Source: hta.dropper
URLs:
    https://dovip.win/verify/recaptcha-verifymshta

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Detected potential entity reuse from brand GOOGLE.

MITRE ATT&CK Enterprise v15

Tasks