General

  • Target

    not009647_10_may_4238160.js

  • Size

    387KB

  • Sample

    230511-cejqmabb68

  • MD5

    9bf2fae7ad74a14ea48b8f919bd42bc0

  • SHA1

    c20df56479606b1015c9eb7f5f46f522474a4d11

  • SHA256

    8901142f94c9b917db4299b20aff22b24816168c9e73c993ab3e79733a3bc624

  • SHA512

    e1d4f05087888dae7b6caca4af7f4eb301b143c693a86ce86d23cc82a50342266d3f36e212d646485e3b449fa8a5fcc2839a474630e627b8d235a5672d8c2dc8

  • SSDEEP

    3072:IOgqsrHZMOZ9dmOts43o4WZWXQB1HFhBJsyTV3LfbBJdlNrtJ3gSQuyHNJAMTa3o:m

Score
10/10

Targets

    • Target

      not009647_10_may_4238160.js

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
