General

  • Target: 0839ebf7ea0b3eb82d7fae3b50e70bd2.bin
  • Size: 39KB
  • Sample: 230831-bc29hsbe5s
  • MD5: a75573032436b3510a0b2e88664569d7
  • SHA1: 89f3b34b67197b89bd0fc138526aa012b84ec205
  • SHA256: aeb0938fc4549e518bdc31cb19ff165d8ed6e1010a19937fb65d18684ad8fce4
  • SHA512: 3482c7e073c5ebf0affce464f6c9fb40ab39a0285012ff700dbca187a24cc7126d7ac46fc82ac56cf5b44423a9e1279c1b79fb7144287048f71a9633f1d73960
  • SSDEEP: 768:FcFIpBmCJxlcosb1mLQpYlG1qV8na7cV13M4gYt8IP1pm+qZySUDr:WFgPxeQMpYl7KnaoV13cYDtp3qTS

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs
    • ps1.dropper: https://uploaddeimagens.com.br/images/004/572/679/original/rump_js_link64_startup.jpg?1691689535
    • exe.dropper: https://uploaddeimagens.com.br/images/004/572/679/original/rump_js_link64_startup.jpg?1691689535

Targets

    • Target: 94e9c022dd38d0ce4675711c926a7675707c59c990179146205188a753baeb0b.unknown
    • Size: 309KB
    • MD5: 0839ebf7ea0b3eb82d7fae3b50e70bd2
    • SHA1: 0dd7ee0a9ae2ec1c7c4f8dad9b27ea96f3a76f08
    • SHA256: 94e9c022dd38d0ce4675711c926a7675707c59c990179146205188a753baeb0b
    • SHA512: 72cea4dc87ee6a28277a5b7964e2d783509914994135c151e699f3c1af5e0fa02be088478bc78a31bb6d73fa8a622b0f960b7068f82bb88ac2dc3354ea96e6a2
    • SSDEEP: 3072:bi+qBpqKzKrzKai+qBpqKzKrzK3i+qBpqKzKrzKKczNXqi+qBpqKzKrzKPppppKP:GnpnSnpnUnBnBnvnr

    Score: 10/10

    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks