General

  • Target

    Purchase Order Enquiry #PO-240902.js

  • Size

    1KB

  • Sample

    240612-j6pjhswamn

  • MD5

    2bdc505c21785249dee51ef41dc4df15

  • SHA1

    c5b4b5a9dc2d8ad6c86c8fe423012c5c1ddf0650

  • SHA256

    85e7853cdd4e0cf7f5474d9bbd963d1e6a052fe3d82d01452195c2b8fdfc6370

  • SHA512

    ad17e6a38ec3b73a565bf08035aa8182289e54c3f81ecda3f72f8350a5ae8ef007b5ccd24bbd7f101abaf4986fbff7d241d2f67c280a1fee458bce9769fab09d

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks