General

  • Target: TRX67456745.zip
  • Size: 10KB
  • Sample: 230607-pl66qaad33
  • MD5: 7385ab144469552f5e2fb5e29857ebe5
  • SHA1: 242bdef0084869b0e410f919fc73d2da1102a700
  • SHA256: 2d5f28202160c3fb16c435297833e9c6aece340cff9b0455cb26fbd725232dc2
  • SHA512: 3534dfb239c090d824775c9320d57794f8bc2f0f6b972a0d61c35aa25722eae4227a5713a1365d361941f68026753314f126c87fa0bd9070b294671e1bf468a6
  • SSDEEP: 192:AuROj0jtFeL5LQ1k6RDoMa52UmgD3A3vSEEs5looo3f6ZJ94AUGRxWDd:RckFeRh6RDCQUmFqUlDov6f9FxWDd

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper): https://laverneme.com/systemwp.php

Targets

    • Target: TRX67456745.js
    • Size: 38KB
    • MD5: 2dcd12b27189b7ed0c9fa8e6bd9295fc
    • SHA1: b7fcdef9fbe2a9fefbd2bb1619aa6abfb9689beb
    • SHA256: 30c70636d4cacb75b3ee872ee0923157a2df6ab48c3834d956b0beafb420ec77
    • SHA512: ad6b5107b3b2c6cba0b2aa70712a607f67c128b40984e904aac81166af308519f5bb83e2ef0018b67e5480bc496122417b13b734e14e74ff983475faee92a1e2
    • SSDEEP: 384:bJVRkqsF/+8BbP26SrOEt1bQA9DK6FYJzuqig44QipqGWs0amp0+H59PKe0Z78Q+:bJ4quboOqbbFquqigqhsEPKe0Z78QTS

    Score: 10/10

    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks