General

  • Target

    b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6

  • Size

    70KB

  • Sample

    241120-ypp62swrek

  • MD5

    d9482b1fbcb43993bbb99502681babbe

  • SHA1

    75632be24e11ab94892b5eb9e5b56e88986a2bdb

  • SHA256

    b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6

  • SHA512

    81c0495a923592e89f877bfa91d5b1d3b676aba9833d5ea6cd050b0b2a83ac935e085a8e10d8ac6470f4080e022d1d5926998b4279a4ff71ae9288a98261cb63

  • SSDEEP

    1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://185.7.214.7/fer/fe2.html

Targets

    • Target

      b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6

    • Size

      70KB

    • MD5

      d9482b1fbcb43993bbb99502681babbe

    • SHA1

      75632be24e11ab94892b5eb9e5b56e88986a2bdb

    • SHA256

      b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6

    • SHA512

      81c0495a923592e89f877bfa91d5b1d3b676aba9833d5ea6cd050b0b2a83ac935e085a8e10d8ac6470f4080e022d1d5926998b4279a4ff71ae9288a98261cb63

    • SSDEEP

      1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks