Extracted

• • Target

    greatthingswithmegreatloverherehavewithmegreat.hta

  • Size

    207KB

  • MD5

    21bf484c8fe4564e1f0e0fc0aa522199

  • SHA1

    0bda2d5048d1555ef9ef50f4fd192c0838677c94

  • SHA256

    d1a5e6708ae70fff83f394f2fc5027d14e42fdb624c369662ebcd682cded0ac6

  • SHA512

    1dbf4a2f78b482b6d80eb48c9c2434a8907081a468c820ad9085fcede6134fe41c8c27a3e8f2ad7fa3f1d702e2b0904d885bfda8300ced9c4924c6e869e9baea

  • SSDEEP

    96:43F97gSlqxRtwJPcEI/MOoMQbvfhKGAfQ:43F1OxvmUxevfU3Q

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2