Resubmissions

29-05-2024 20:45

240529-zjph1aab24 10

27-05-2024 12:20

240527-phzbpsbf6t 10

General

  • Target

    pa collective agreement pay 4276.js

  • Size

    9.9MB

  • Sample

    240529-zjph1aab24

  • MD5

    50d8be57ade9dfef0d88ceebaed045e7

  • SHA1

    88925bcacd1a933e0be0d9b4c7c5c39cb778615b

  • SHA256

    9ed8a1e46824ec9f06dbd63c5d43c79db62f7c2db3f463156396f2acab927140

  • SHA512

    cd78210384b12978fe4712e1ae137a7a941718caa478b42a51bdf45995ce05369469f8e7dafbb2f77eded67eb77867b76913d0bf7f44b2a3316994b3431fdead

  • SSDEEP

    49152:jytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytl:m

Malware Config

Targets

    • Target

      pa collective agreement pay 4276.js

    • Size

      9.9MB

    • MD5

      50d8be57ade9dfef0d88ceebaed045e7

    • SHA1

      88925bcacd1a933e0be0d9b4c7c5c39cb778615b

    • SHA256

      9ed8a1e46824ec9f06dbd63c5d43c79db62f7c2db3f463156396f2acab927140

    • SHA512

      cd78210384b12978fe4712e1ae137a7a941718caa478b42a51bdf45995ce05369469f8e7dafbb2f77eded67eb77867b76913d0bf7f44b2a3316994b3431fdead

    • SSDEEP

      49152:jytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytwpCQK+qFytl:m

    • GootLoader

      JavaScript loader known for delivering other families such as Gootkit and Cobaltstrike.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks