f069180ae1318498d510d0b1988c96f48c4a7bb89bec10a41906d5ffbaca3732 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Weterings Machinery B.V..js
Size

164KB
Sample

230629-jph1eadc5x
MD5

380a5afe36e5167ac47635f5ae0d3c0d
SHA1

405525fcb12aa788bff6ea3a0eecd056050e470b
SHA256

f069180ae1318498d510d0b1988c96f48c4a7bb89bec10a41906d5ffbaca3732
SHA512

cc40bed7e52aa78cb1edd845c1b4f1e5c83ad256aced46e7ec21ef6ca1ac2018369d04fd67c53a434f077a07b6815e5f2c0ca0682b68bf97b42ce57f522f059a
SSDEEP

1536:hAYJJMMPQXgBFhHZ4OQYcEp24+zVevP5e+3kGra+TmsmY0:kgBFhyOQY06To

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://ftpserver.winconnection.net/e/js

Targets

- Target
  
  Weterings Machinery B.V..js
- Size
  
  164KB
- MD5
  
  380a5afe36e5167ac47635f5ae0d3c0d
- SHA1
  
  405525fcb12aa788bff6ea3a0eecd056050e470b
- SHA256
  
  f069180ae1318498d510d0b1988c96f48c4a7bb89bec10a41906d5ffbaca3732
- SHA512
  
  cc40bed7e52aa78cb1edd845c1b4f1e5c83ad256aced46e7ec21ef6ca1ac2018369d04fd67c53a434f077a07b6815e5f2c0ca0682b68bf97b42ce57f522f059a
- SSDEEP
  
  1536:hAYJJMMPQXgBFhHZ4OQYcEp24+zVevP5e+3kGra+TmsmY0:kgBFhyOQY06To
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2