3ac7b7be256ed723792c50d44eb38da6207993463f7e7a5b1c3788ada0567d2e | Triage

Sharing

General

Target

PaymentDetails#765.js
Size

240KB
Sample

210113-jwh4lbegb2
MD5

74bccd5892c45290559b623d0f9f628f
SHA1

4b2d9066f1542453af9f37bc421684e7a6eec255
SHA256

3ac7b7be256ed723792c50d44eb38da6207993463f7e7a5b1c3788ada0567d2e
SHA512

2ab01e3d379194e4d7f86ce2d973e827ccbe0f680d023ba2bbbe4b70cb06268ca5a9a50166616ca99822d84e9fb244976f758e00e56f48c45d1931f8267384c2

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  PaymentDetails#765.js
- Size
  
  240KB
- MD5
  
  74bccd5892c45290559b623d0f9f628f
- SHA1
  
  4b2d9066f1542453af9f37bc421684e7a6eec255
- SHA256
  
  3ac7b7be256ed723792c50d44eb38da6207993463f7e7a5b1c3788ada0567d2e
- SHA512
  
  2ab01e3d379194e4d7f86ce2d973e827ccbe0f680d023ba2bbbe4b70cb06268ca5a9a50166616ca99822d84e9fb244976f758e00e56f48c45d1931f8267384c2
Score

8^/10

persistence
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2