General
-
Target
d1a5e6708ae70fff83f394f2fc5027d14e42fdb624c369662ebcd682cded0ac6.hta
-
Size
207KB
-
Sample
241108-eftckaxmgm
-
MD5
21bf484c8fe4564e1f0e0fc0aa522199
-
SHA1
0bda2d5048d1555ef9ef50f4fd192c0838677c94
-
SHA256
d1a5e6708ae70fff83f394f2fc5027d14e42fdb624c369662ebcd682cded0ac6
-
SHA512
1dbf4a2f78b482b6d80eb48c9c2434a8907081a468c820ad9085fcede6134fe41c8c27a3e8f2ad7fa3f1d702e2b0904d885bfda8300ced9c4924c6e869e9baea
-
SSDEEP
96:43F97gSlqxRtwJPcEI/MOoMQbvfhKGAfQ:43F1OxvmUxevfU3Q
Malware Config
Extracted
https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0
https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0
Targets
-
-
Target
d1a5e6708ae70fff83f394f2fc5027d14e42fdb624c369662ebcd682cded0ac6.hta
-
Size
207KB
-
MD5
21bf484c8fe4564e1f0e0fc0aa522199
-
SHA1
0bda2d5048d1555ef9ef50f4fd192c0838677c94
-
SHA256
d1a5e6708ae70fff83f394f2fc5027d14e42fdb624c369662ebcd682cded0ac6
-
SHA512
1dbf4a2f78b482b6d80eb48c9c2434a8907081a468c820ad9085fcede6134fe41c8c27a3e8f2ad7fa3f1d702e2b0904d885bfda8300ced9c4924c6e869e9baea
-
SSDEEP
96:43F97gSlqxRtwJPcEI/MOoMQbvfhKGAfQ:43F1OxvmUxevfU3Q
Score10/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Evasion via Device Credential Deployment
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-