General
-
Target
a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1.hta
-
Size
1KB
-
Sample
241213-dcvksaxrej
-
MD5
21bd78bbc50aa0b32d6e8d1868e9ad5e
-
SHA1
8a4278d077fa472fd6e4cbde95e6a3b928eff10b
-
SHA256
a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1
-
SHA512
3d088b7ff90f722223fe2cef2bd65b8df3fdcaa92fe14f46b8c1f2b9ee0c3c1c94cff2ca02acf9619ffa372db4565fc1b576fd553e928ebf6d94238b86eace0e
Malware Config
Targets
-
-
Target
a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1.hta
-
Size
1KB
-
MD5
21bd78bbc50aa0b32d6e8d1868e9ad5e
-
SHA1
8a4278d077fa472fd6e4cbde95e6a3b928eff10b
-
SHA256
a5a7a72decc3a1f9bb2e0c39269f9660051a3a40c34f87789e33995b9dd2b9e1
-
SHA512
3d088b7ff90f722223fe2cef2bd65b8df3fdcaa92fe14f46b8c1f2b9ee0c3c1c94cff2ca02acf9619ffa372db4565fc1b576fd553e928ebf6d94238b86eace0e
Score8/10-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Mark of the Web detected: This indicates that the page was originally saved or cloned.
-