f4e72685fb3efa5bad200451d36c7d1e72a94515c515bdbb09c00254dca289ea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pax_2023_AB1058..js
Size

28KB
Sample

230505-ny1zssca41
MD5

12f77d1be4344fb88f1093550b092ab6
SHA1

1f940943608479599f11d2d8fd0734a74d456ea8
SHA256

f4e72685fb3efa5bad200451d36c7d1e72a94515c515bdbb09c00254dca289ea
SHA512

16444b02d23744740a3d2d32d1c62b35ced138cdd3a053dc3dcafc556c3b112ba157793e11c8b095bd3baac80455d12c6cacec363c03df7ca59e59f852c83748
SSDEEP

768:qmqR4BMNPxfyxlKAbtSg0r3T9XRLlPJ3CKF:q5cMvfyxlJb4g0r3TJRLP3CKF

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://homospoison.ru/one/portable.exe

Targets

- Target
  
  pax_2023_AB1058..js
- Size
  
  28KB
- MD5
  
  12f77d1be4344fb88f1093550b092ab6
- SHA1
  
  1f940943608479599f11d2d8fd0734a74d456ea8
- SHA256
  
  f4e72685fb3efa5bad200451d36c7d1e72a94515c515bdbb09c00254dca289ea
- SHA512
  
  16444b02d23744740a3d2d32d1c62b35ced138cdd3a053dc3dcafc556c3b112ba157793e11c8b095bd3baac80455d12c6cacec363c03df7ca59e59f852c83748
- SSDEEP
  
  768:qmqR4BMNPxfyxlKAbtSg0r3T9XRLlPJ3CKF:q5cMvfyxlJb4g0r3TJRLP3CKF
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2