Resubmissions

05/07/2023, 19:03

230705-xqpfgafc97 10

05/07/2023, 18:13

230705-wtsrmage2t 10

General

  • Target

    6220_837_pdf.js

  • Size

    320KB

  • Sample

    230705-xqpfgafc97

  • MD5

    8008857b28d94bb0df9b513906ed1508

  • SHA1

    d88e06d7ace9289d09a652e294c0654cfd0b573d

  • SHA256

    de98a33ed6bbd7f0d48346d4a55fb7519b9d6c5afa0e1b46e97c41d0a722fd47

  • SHA512

    720f41be8cbd3545d54d4a307559a460e4b2da0a75dc48914f1bd6645911cfb9a0a95f493afdb91f825d8296d2d1d578750f414a31580851a2be0d8c5a15bacc

  • SSDEEP

    1536:JAYMJMMPQXgBFhHZqOQYcEp24+zVevP5e+3kGra+TmarAYvJMMPQXgBFhHZrOQYW:RgBFhQOQY06TagBFhFOQY06T4

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    http://cryptersandtools.minhacasa.tv/e/js_startup

Targets

    • Target

      6220_837_pdf.js

    • Size

      320KB

    • MD5

      8008857b28d94bb0df9b513906ed1508

    • SHA1

      d88e06d7ace9289d09a652e294c0654cfd0b573d

    • SHA256

      de98a33ed6bbd7f0d48346d4a55fb7519b9d6c5afa0e1b46e97c41d0a722fd47

    • SHA512

      720f41be8cbd3545d54d4a307559a460e4b2da0a75dc48914f1bd6645911cfb9a0a95f493afdb91f825d8296d2d1d578750f414a31580851a2be0d8c5a15bacc

    • SSDEEP

      1536:JAYMJMMPQXgBFhHZqOQYcEp24+zVevP5e+3kGra+TmarAYvJMMPQXgBFhHZrOQYW:RgBFhQOQY06TagBFhFOQY06T4

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks