90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280 | Triage

Sharing

General

Target

90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280.js
Size

30KB
Sample

230519-tlsesaef34
MD5

44ceea9bb05fe4616c1b09a0c1f520df
SHA1

748c91404e96a24b4e382faf3e514e921f6d42c9
SHA256

90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280
SHA512

a05384f6ff425efc917f00249cd23b5af96d8dda53f8b328ef1c6d1787c99549d439ccdb490960cacd97fe9ef336af91b24980547104a910c55059f942b7ecaa
SSDEEP

384:O39+2LVw4HL53XjwAKbTNhLYKFUtBFe9B9PlRSOfXAWbQjNP:1ow+3XUAKnNyKuFcoWbYx

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://193.233.233.92/f2.ps1

Targets

- Target
  
  90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280.js
- Size
  
  30KB
- MD5
  
  44ceea9bb05fe4616c1b09a0c1f520df
- SHA1
  
  748c91404e96a24b4e382faf3e514e921f6d42c9
- SHA256
  
  90b76f040fda32466006591021f2e291721a522ed1f280033b42d4f1e6461280
- SHA512
  
  a05384f6ff425efc917f00249cd23b5af96d8dda53f8b328ef1c6d1787c99549d439ccdb490960cacd97fe9ef336af91b24980547104a910c55059f942b7ecaa
- SSDEEP
  
  384:O39+2LVw4HL53XjwAKbTNhLYKFUtBFe9B9PlRSOfXAWbQjNP:1ow+3XUAKnNyKuFcoWbYx
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2