General

  • Target

    Notice_2_may_8086103.js

  • Size

    191KB

  • Sample

    230502-qq3jrsda7z

  • MD5

    a088562e4dad2045f22b59d239fb468e

  • SHA1

    6a252f41a3cfeee131fe11b5cb4a8cf1a9effdf0

  • SHA256

    90fc2948a7ef2b916fed5c29398eb5ea8ff8a521e9e7e02130621470a5d33eb4

  • SHA512

    96bdad09ac1a5b0e85460586dd223cb0ff58efab8c5a1482015b77a25424a981bf0213372f2d3bbbee49f7c03cc275a3de996b7481b34d7f5ae0080b660c2056

  • SSDEEP

    3072:L3dfJMM6lMJX+yRVy4Ie4L/3+5/w4hFh1FjTZzpblQgbfdV9iUkj4qV7Mj6b60BO:yI

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
