de98a33ed6bbd7f0d48346d4a55fb7519b9d6c5afa0e1b46e97c41d0a722fd47 | Triage

Submit
Reports

Overview

overview

Static

static

1

6220_837_pdf.js

windows10-2004-x64

Resubmissions

05/07/2023, 19:03

230705-xqpfgafc97 10

05/07/2023, 18:13

230705-wtsrmage2t 10

Sharing

General

Target

6220_837_pdf.js
Size

320KB
Sample

230705-xqpfgafc97
MD5

8008857b28d94bb0df9b513906ed1508
SHA1

d88e06d7ace9289d09a652e294c0654cfd0b573d
SHA256

de98a33ed6bbd7f0d48346d4a55fb7519b9d6c5afa0e1b46e97c41d0a722fd47
SHA512

720f41be8cbd3545d54d4a307559a460e4b2da0a75dc48914f1bd6645911cfb9a0a95f493afdb91f825d8296d2d1d578750f414a31580851a2be0d8c5a15bacc
SSDEEP

1536:JAYMJMMPQXgBFhHZqOQYcEp24+zVevP5e+3kGra+TmarAYvJMMPQXgBFhHZrOQYW:RgBFhQOQY06TagBFhFOQY06T4

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

6220_837_pdf.js

Resource

win10v2004-20230703-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://cryptersandtools.minhacasa.tv/e/js_startup

Targets

- Target
  
  6220_837_pdf.js
- Size
  
  320KB
- MD5
  
  8008857b28d94bb0df9b513906ed1508
- SHA1
  
  d88e06d7ace9289d09a652e294c0654cfd0b573d
- SHA256
  
  de98a33ed6bbd7f0d48346d4a55fb7519b9d6c5afa0e1b46e97c41d0a722fd47
- SHA512
  
  720f41be8cbd3545d54d4a307559a460e4b2da0a75dc48914f1bd6645911cfb9a0a95f493afdb91f825d8296d2d1d578750f414a31580851a2be0d8c5a15bacc
- SSDEEP
  
  1536:JAYMJMMPQXgBFhHZqOQYcEp24+zVevP5e+3kGra+TmarAYvJMMPQXgBFhHZrOQYW:RgBFhQOQY06TagBFhFOQY06T4
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy