Resubmissions

15-08-2024 20:42

240815-zhg3jaxglr 10

14-06-2024 12:05

240614-n89dxszekb 10

28-05-2024 22:27

240528-2dhvdagb62 10

General

  • Target

    Update_25_04_2024_3146918.js

  • Size

    135KB

  • Sample

    240528-2dhvdagb62

  • MD5

    bf7f711e823916e5f56ff4d2286ee866

  • SHA1

    d9c9d093ce5f1cbc78280ab0232b5d6ef8c25729

  • SHA256

    0c9697506df18baac4b4215e78a43926ea4bb94ea3607c851a1c2fe3b5b31f17

  • SHA512

    842616018719df7c6ee7cac5996ea1399a2a459353ee96de2bf9fda122aac861baa0a5c848dad1d4aa756fab897d1e7a978eac359458d52801020685db67d941

  • SSDEEP

    1536:XDOApMn1gDmN2yBCn/yA3seAeLCMamLcInL1VXJ3Duvnr:6A+n1gDmNnw/yA3slMamLcInL7tDuvr

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://185.49.69.41/data/d291855f9fd1c934f7c97a4d2ba99b89

Targets

    • Target

      Update_25_04_2024_3146918.js

    • Size

      135KB

    • MD5

      bf7f711e823916e5f56ff4d2286ee866

    • SHA1

      d9c9d093ce5f1cbc78280ab0232b5d6ef8c25729

    • SHA256

      0c9697506df18baac4b4215e78a43926ea4bb94ea3607c851a1c2fe3b5b31f17

    • SHA512

      842616018719df7c6ee7cac5996ea1399a2a459353ee96de2bf9fda122aac861baa0a5c848dad1d4aa756fab897d1e7a978eac359458d52801020685db67d941

    • SSDEEP

      1536:XDOApMn1gDmN2yBCn/yA3seAeLCMamLcInL1VXJ3Duvnr:6A+n1gDmNnw/yA3slMamLcInL7tDuvr

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks