General

  • Target

    niceidea.hta

  • Size

    154KB

  • Sample

    241128-g11y9avkfm

  • MD5

    586dc2855cbce16da2db1a5840694321

  • SHA1

    aa92aefd6a9f95dc8e38f4d3b406cf506df9335b

  • SHA256

    4aa454e445cc37d965867da8c17b921cf031045b8ecb90dc1884522a794d32f4

  • SHA512

    53685b59faf9cff6d5cc4d07d7cda09e384a412ce79c5fb11fd48d815005cc60bf56d944a0fde3c1c274e5565f2ff4385db6e2fa1461a3e7b8f0e446d4558779

  • SSDEEP

    96:4owZw9d6yfaKPQEoXRUn+VO+ehLGOToQPU6ghhiXB3zn+/edxCUMIqh2SCw2QKSs:4LwSiolYyrk3DwQ

Malware Config

Targets

    • Blocklisted process makes network request

    • Evasion via Device Credential Deployment

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks