3414757b53f26903f028478af85c2015bd1e705790dde5fb76203e76ea9776ac | Triage

Sharing

General

Target

PURCHASE_ORDER.js
Size

9KB
Sample

221123-rq95aahc78
MD5

52efab3dce122a69e7269482c63f6b2e
SHA1

4f17f88b0976bec6a52b1c379980eb8e941d64f2
SHA256

3414757b53f26903f028478af85c2015bd1e705790dde5fb76203e76ea9776ac
SHA512

dccdfc6b0208014797422276ec5bc91d05cde6ca7df21cb5e4f7839558e65fcffda3d5a65f287fccf621c054be1c9ea925ad7bdfa275ce2beeeab17983c05362
SSDEEP

192:I7djnUPoO+dmeSrgafq+aZQ/cAGYAzrHw6A9ZSmpnhVBE+EJl17vctTnZIFtuni4:GnUArdmeSrnfqPHAGP5ATSm/EJD4TnZJ

Score

8^/10

Malware Config

Targets

- Target
  
  PURCHASE_ORDER.js
- Size
  
  9KB
- MD5
  
  52efab3dce122a69e7269482c63f6b2e
- SHA1
  
  4f17f88b0976bec6a52b1c379980eb8e941d64f2
- SHA256
  
  3414757b53f26903f028478af85c2015bd1e705790dde5fb76203e76ea9776ac
- SHA512
  
  dccdfc6b0208014797422276ec5bc91d05cde6ca7df21cb5e4f7839558e65fcffda3d5a65f287fccf621c054be1c9ea925ad7bdfa275ce2beeeab17983c05362
- SSDEEP
  
  192:I7djnUPoO+dmeSrgafq+aZQ/cAGYAzrHw6A9ZSmpnhVBE+EJl17vctTnZIFtuni4:GnUArdmeSrnfqPHAGP5ATSm/EJD4TnZJ
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2