General
-
Target
Purchase Order Enquiry #PO-240902.js
-
Size
1KB
-
Sample
240612-j6pjhswamn
-
MD5
2bdc505c21785249dee51ef41dc4df15
-
SHA1
c5b4b5a9dc2d8ad6c86c8fe423012c5c1ddf0650
-
SHA256
85e7853cdd4e0cf7f5474d9bbd963d1e6a052fe3d82d01452195c2b8fdfc6370
-
SHA512
ad17e6a38ec3b73a565bf08035aa8182289e54c3f81ecda3f72f8350a5ae8ef007b5ccd24bbd7f101abaf4986fbff7d241d2f67c280a1fee458bce9769fab09d
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order Enquiry #PO-240902.js
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Purchase Order Enquiry #PO-240902.js
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
Purchase Order Enquiry #PO-240902.js
-
Size
1KB
-
MD5
2bdc505c21785249dee51ef41dc4df15
-
SHA1
c5b4b5a9dc2d8ad6c86c8fe423012c5c1ddf0650
-
SHA256
85e7853cdd4e0cf7f5474d9bbd963d1e6a052fe3d82d01452195c2b8fdfc6370
-
SHA512
ad17e6a38ec3b73a565bf08035aa8182289e54c3f81ecda3f72f8350a5ae8ef007b5ccd24bbd7f101abaf4986fbff7d241d2f67c280a1fee458bce9769fab09d
Score8/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-