b5f58eb5c7ed6b42fc78550a851f72e590ac889e00218261f3d34d16cfaf2522 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Fac_2384.pdf.js
Size

320KB
Sample

230706-qbrtqabc74
MD5

25f5c1393a51c91564d04ac157edf4b1
SHA1

4fbff208196f526a522d75f1ed0bfdc6b2431fb6
SHA256

b5f58eb5c7ed6b42fc78550a851f72e590ac889e00218261f3d34d16cfaf2522
SHA512

ace6784b85a103056046268d2719e756f13d1e95bd2028cdd68cf31d461b66938a44ec7d8abed2e2225132f53368937db9fbea71b401464e9ce92ccae28222d3
SSDEEP

1536:RAYxJMMPQXgBFhHZDOQYcEp24+zVevP5e+3kGra+Tm8AYvJMMPQXgBFhHZrOQYcj:MgBFh9OQY06TugBFhFOQY06T4

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://cryptersandtools.minhacasa.tv/e/js_startup

Targets

- Target
  
  Fac_2384.pdf.js
- Size
  
  320KB
- MD5
  
  25f5c1393a51c91564d04ac157edf4b1
- SHA1
  
  4fbff208196f526a522d75f1ed0bfdc6b2431fb6
- SHA256
  
  b5f58eb5c7ed6b42fc78550a851f72e590ac889e00218261f3d34d16cfaf2522
- SHA512
  
  ace6784b85a103056046268d2719e756f13d1e95bd2028cdd68cf31d461b66938a44ec7d8abed2e2225132f53368937db9fbea71b401464e9ce92ccae28222d3
- SSDEEP
  
  1536:RAYxJMMPQXgBFhHZDOQYcEp24+zVevP5e+3kGra+Tm8AYvJMMPQXgBFhHZrOQYcj:MgBFh9OQY06TugBFhFOQY06T4
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2