General

  • Target

    seemybestpartaroundtheworldtogetmethingsfornewone.hta

  • Size

    207KB

  • Sample

    241113-h931ms1jap

  • MD5

    1cc49542b6408627091678140cb916c9

  • SHA1

    66e198338df798a6ef051a71feee749bae890a6d

  • SHA256

    0a1406408e5a87cd2610c8c3c7edce3c2390ab15c901f8d1168ebdee211910e7

  • SHA512

    1a0a432d112a5f2091c25a629c4a345bd0977207d4451b1581d0b1bdab2375b38207d0e760a56d595fcc975b9d708b897347a7d5a408f1a13c53965d23e9314b

  • SSDEEP

    96:43F97yT4lwyT4lYv7eZ9emfyFX4T4lTfQ:43F1yT4myT4Kv7eOkyd4T4dQ

Malware Config

Targets

    • Target

      seemybestpartaroundtheworldtogetmethingsfornewone.hta

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Evasion via Device Credential Deployment

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
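The two scriptable behaviours in the signature list above (a script host launching PowerShell with a hidden window, and a lookup of the machine's configured country code in the registry) can be turned into detection logic over process and registry telemetry. The block below is an added example and is not output of the sandbox or code from the sample; the event lines are constructed for it, the pipe-delimited field layout is an assumption rather than any sandbox export format, and the registry path `HKCU\Control Panel\International\Geo\Nation` is assumed to be the key such a location check reads.

```python
"""Added example: flag mshta.exe -> hidden-window PowerShell and a registry
country-code (GeoID) lookup in constructed process/registry events."""
import re
from collections import Counter

# Constructed events for this example (timestamp|kind|parent image|image|detail).
# They are NOT exported from the sandbox run; paths and timestamps are assumptions.
SAMPLE_EVENTS = [
    "2024-11-13T08:31:02Z|process|explorer.exe|mshta.exe|mshta.exe C:\\Users\\user\\Downloads\\seemybestpartaroundtheworldtogetmethingsfornewone.hta",
    "2024-11-13T08:31:03Z|process|mshta.exe|powershell.exe|powershell.exe -nop -w hidden -ep bypass -File C:\\Users\\Public\\stage.ps1",
    "2024-11-13T08:31:03Z|registry|mshta.exe|powershell.exe|HKCU\\Control Panel\\International\\Geo\\Nation",
    "2024-11-13T08:31:09Z|process|explorer.exe|powershell.exe|powershell.exe -NoLogo -Command Get-ChildItem",
    "2024-11-13T08:31:10Z|registry|explorer.exe|powershell.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]

# powershell.exe accepts any unambiguous prefix of -WindowStyle, so "-w hidden",
# "-win hidden" and "-WindowStyle 1" (1 == Hidden) all hide the window.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)-w[a-z]{0,10}\s+(?:hidden|1)\b", re.IGNORECASE)

# Assumed key behind "Checks computer location settings": the configured
# country (GeoID) is stored under this path.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo(?:\\Nation)?$", re.IGNORECASE)

# Script hosts that should rarely be the parent of a PowerShell process.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}


def parse_event(line):
    """Split one constructed event line into its five fields."""
    ts, kind, parent, image, detail = line.split("|", 4)
    return {"ts": ts, "kind": kind, "parent": parent.lower(),
            "image": image.lower(), "detail": detail}


def scan(lines):
    """Return one (rule, timestamp, detail) finding per matching event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev["kind"] == "process" and ev["image"] == "powershell.exe":
            if ev["parent"] in SCRIPT_HOSTS:
                findings.append(("script_host_spawns_powershell", ev["ts"], ev["detail"]))
            if HIDDEN_WINDOW.search(ev["detail"]):
                findings.append(("powershell_hidden_window", ev["ts"], ev["detail"]))
        elif ev["kind"] == "registry" and GEO_NATION.search(ev["detail"]):
            findings.append(("registry_country_code_lookup", ev["ts"], ev["detail"]))
    return findings


def rules_hit(lines):
    """Count how many events each rule fired on."""
    return Counter(rule for rule, _, _ in scan(lines))


if __name__ == "__main__":
    for rule, ts, detail in scan(SAMPLE_EVENTS):
        print(f"{ts} {rule}: {detail}")
```

The parent-process rule fires on the mshta.exe to powershell.exe hop regardless of the command line, so it still catches a variant that drops `-w hidden`; the hidden-window regex allows any abbreviation of `-WindowStyle` because PowerShell's parameter prefix matching means `-w`, `-win` and `-windowst` all work for an attacker.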

MITRE ATT&CK Enterprise v15

Tasks