Overview

overview

8

Static

static

1

recaptcha-verify.hta

windows7-x64

8

recaptcha-verify.hta

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    recaptcha-verify

  • Size

    3KB

  • Sample

    241107-2d8qssyngx

  • MD5

    0bcfd0940875c7b01f686ddda93a6fab

  • SHA1

    b9a25db0eb61185546764e3169983a8f1b40bef3

  • SHA256

    6367db8e2f02618dd034cd2e78273875756ec9cb20b2e396ce0cacb2e774c54f

  • SHA512

    078cfc0275c77fcbfe215a6705e21a40e1c7503de4eea93787fc3c2c723f33945378b27fbd2a29335b5416063191add38088d87c5d219112eccaeccccb4d3db8

Score
8/10
googlediscoveryevasionphishingtrojan

Malware Config

Targets

    • Target

      recaptcha-verify

    • Size

      3KB

    • MD5

      0bcfd0940875c7b01f686ddda93a6fab

    • SHA1

      b9a25db0eb61185546764e3169983a8f1b40bef3

    • SHA256

      6367db8e2f02618dd034cd2e78273875756ec9cb20b2e396ce0cacb2e774c54f

    • SHA512

      078cfc0275c77fcbfe215a6705e21a40e1c7503de4eea93787fc3c2c723f33945378b27fbd2a29335b5416063191add38088d87c5d219112eccaeccccb4d3db8

    Score
    8/10
    googlediscoveryevasionphishingtrojan

    • Blocklisted process makes network request

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan

    • Detected potential entity reuse from brand GOOGLE.

      phishinggoogle
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks