37822539ac804a03fa8453e5123cae1ec8d30afd7861418fdb1baaf981adeeca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RANOVIC DOO NIKSIC EUR 68773,6 20240219.js
Size

3KB
Sample

240220-hxneesdg86
MD5

e9ccb272221602ba9e0c8bba80af63fa
SHA1

6eb7df9bd56155d4946476d2018de02af709017e
SHA256

37822539ac804a03fa8453e5123cae1ec8d30afd7861418fdb1baaf981adeeca
SHA512

81573c10f52ffa78343c0d933108f23d488de70f8ee575103ccc9308c7ff7405720eaae5443bd81069b5e78a0b81418ad3885d4ec9ec6cbf2df8d2891527e717

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pt.textbin.net/download/zbbh8tfbo9

Targets

- Target
  
  RANOVIC DOO NIKSIC EUR 68773,6 20240219.js
- Size
  
  3KB
- MD5
  
  e9ccb272221602ba9e0c8bba80af63fa
- SHA1
  
  6eb7df9bd56155d4946476d2018de02af709017e
- SHA256
  
  37822539ac804a03fa8453e5123cae1ec8d30afd7861418fdb1baaf981adeeca
- SHA512
  
  81573c10f52ffa78343c0d933108f23d488de70f8ee575103ccc9308c7ff7405720eaae5443bd81069b5e78a0b81418ad3885d4ec9ec6cbf2df8d2891527e717
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2