9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330 | Triage

Submit
Reports

Overview

overview

Static

static

1

9e182abd97...(1).js

windows7-x64

9e182abd97...(1).js

windows10-2004-x64

Sharing

General

Target

9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330 (1)
Size

134KB
Sample

240523-gs97ysfh45
MD5

1f2912c0c12b316023061de20ee3cc55
SHA1

05cad925852e41a0832bc9bf3db5056990d027d4
SHA256

9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330
SHA512

226d9de84f0a3624e8b84ec3f89026299d457907faab3246694b04de40af76d927561ccbf463444e5049dd55ac2a72f4e727c6e10f4a490604c01738142c7f5b
SSDEEP

1536:BIscHpcWN6ns7eemQA1iPFmpcEo0SlWu37kxlvtqMPeHp6o:5cHDesSemV1iQWEo0SlWA7Alvtl8f

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330 (1).js

Resource

win7-20240419-en

discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330 (1).js

Resource

win10v2004-20240226-en

discovery execution

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.49.69.41/data/b413842a6f5f431ab839f99fe3f6d3a9

Targets

- Target
  
  9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330 (1)
- Size
  
  134KB
- MD5
  
  1f2912c0c12b316023061de20ee3cc55
- SHA1
  
  05cad925852e41a0832bc9bf3db5056990d027d4
- SHA256
  
  9e182abd97e46d2788e637b1969deede1821bc08ece40d731ec1051be0b32330
- SHA512
  
  226d9de84f0a3624e8b84ec3f89026299d457907faab3246694b04de40af76d927561ccbf463444e5049dd55ac2a72f4e727c6e10f4a490604c01738142c7f5b
- SSDEEP
  
  1536:BIscHpcWN6ns7eemQA1iPFmpcEo0SlWu37kxlvtqMPeHp6o:5cHDesSemV1iQWEo0SlWA7Alvtl8f
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

© 2018-2024

Terms | Privacy