General
- Target: output(1)(1).js
- Size: 9KB
- Sample: 221128-j2pzgsgh66
- MD5: 457ddfc8f22d62496b18842824d69fe1
- SHA1: 7dbcf4a549128f0a108a40057c1b4a1c34a1023d
- SHA256: b1a7f40f3e1a87d3db5daa508219e315d1d6ce77d772a7256eaa16d880359a90
- SHA512: ae5c5176e164d5610c37a2950310b13735de175d0976809f4fa4fe4bf1bd19d87d4f5aa0ca453afe57512848cea80fe6432274c68da39a559e451a66d1d036ee
- SSDEEP: 192:ZblVH3Ye8iGlyi5K3hAwhB7VBOHwI+0eM1gr2JhEKyhOhr7kGLgIY9NhAAbmx:ZbciGlygwhBDOQI+EWwSLhOhX7gIY9N8
Static task
- static1
Behavioral task
- behavioral1
- Sample: output(1)(1).js
- Resource: win7-20220901-en
Malware Config
Extracted
- formbook
- tu7g
- eddiyiming.shop
Targets
- Target: output(1)(1).js
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext