318ee202d748a8bfde16a3b28431faf45c8f8fab3203add17ce4f8f02e16e9ff | Triage

Sharing

General

Target

318ee202d748a8bfde16a3b28431faf45c8f8fab3203add17ce4f8f02e16e9ff
Size

13KB
Sample

240123-f5v35agef3
MD5

13833c3879e2949998d02fbe79b1fed6
SHA1

b64125005eade525f8048a840ef13aa5fbb5a46f
SHA256

318ee202d748a8bfde16a3b28431faf45c8f8fab3203add17ce4f8f02e16e9ff
SHA512

ccc668f09b4d56d7a2100b7d81442affa2dce33b65c07be66cc4f7428db51070a0cffad5a1e9543566cf468d7efe74abb609b28e6a418ecb6525e2f5bf728b1e
SSDEEP

384:2k5q5aBTYmpUJOygOlUHEi4gdAtgU5opmFlx4p3csaV:2kBYJOZOlo46AtgTc3xNsaV

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://xerixwebstudio.com/documents.txt

Targets

- Target
  
  in_67226722367226722.js
- Size
  
  39KB
- MD5
  
  2cabe93683e4535d83dcf52a65ebc346
- SHA1
  
  f4e7e84f88ed5ebe3d0e194d2575e02fec8f6a64
- SHA256
  
  9091a92935f469f8420312270a3b12ff519ed0f840e42324f2ecdb0a660b2f1d
- SHA512
  
  bbfc3dcd0c1483569738a21dbb2162f7be90f18b6edd3a894296450477d618b10f56e11c4a08d8b70aade93b31f066403793b399044a038fd2d0bf8440d48626
- SSDEEP
  
  768:lH7QeMV8mjOil1SoVjVjdbeBywz0J8choA37jygvBw3OvKClNhM1tbji3nsGxQmo:R7QeI/0+xwsB0b8rC
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2