a25581c800a7705e573bc684b7b364632a63962e2fa6d214cfa1bdd2e9d38cb1 | Triage

Sharing

General

Target

April-29-receipt.zip
Size

205KB
Sample

240513-r7ls1sbg56
MD5

edc8c1b6536f29c0b7da2254dc7b2815
SHA1

52e236ee861a43f15ce08489b1dbd288fdfd78e4
SHA256

a25581c800a7705e573bc684b7b364632a63962e2fa6d214cfa1bdd2e9d38cb1
SHA512

25905a4310ef0e4dd2e437b961a1fc0f1b5810e6a02384b3f3c453b70f7525bc1e3fb8b6b258556fc92887623ae38b5a816a96507fd2ef5353a64c4be2e1d442
SSDEEP

48:4VttKFlchhAlqp1lFaTt+LPfKUPcE77VZlO0uTN0Nx8L1oM1Nci/ZtdlMEjEoayo:aAklFisLPnpvVZlOfNs8RNciBvng

Score

8^/10

execution

Malware Config

Targets

- Target
  
  April-29-receipt.JS
- Size
  
  200.0MB
- MD5
  
  5012f7c0a6af87c3b2993a24523586e3
- SHA1
  
  2f690f63035e996976430de0d2b2cbe4d2c55f06
- SHA256
  
  af57907b53533c7fb34e162201fa674ceb3a99223a819cb54fa14dd92cb90db8
- SHA512
  
  0c89f1f259a6e8ff4deabb4b11074370c6cd9398a19ef1c26e73f718fa1dfe8aec32e10b357cc3c293d9906194edbf70b5fee2f468c805392bcde4f76b047097
- SSDEEP
  
  96:A4iG6S+xh/kVzTTzvTssSFHG+JTCsMQCLb3i4Y4i444o1maJNLG6S+c2hxOm/3:ND6Ssh/psmH3JjY0Y6Sh2hxO
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1