d7c6eab85f93123d8bf4db0f5714d2d400d4f7fb93b1a79163ebaee7e72b515d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

quotation.js
Size

3.2MB
Sample

240902-gga9gstbkl
MD5

e9dfe55aca773878308f2d4d6ad00c79
SHA1

0066ce882b680471050a49ec800d32e47b3765ca
SHA256

d7c6eab85f93123d8bf4db0f5714d2d400d4f7fb93b1a79163ebaee7e72b515d
SHA512

a9e33a3bb0354f95db699a461060d777a952f68ca6bc847b17c9dc371e86d133167e4cc6f7274d035b1a52443a2f422bb6fe6101597df2a52599c6f4fb1c67b6
SSDEEP

12288:T3Y6TzFLuglAgA1X+H/5J0pQhc6LhTdWzqxRAdrvdgIdN/dgLAgLcSq6SOgICSaN:O

Score

8^/10

execution

Malware Config

Targets

- Target
  
  quotation.js
- Size
  
  3.2MB
- MD5
  
  e9dfe55aca773878308f2d4d6ad00c79
- SHA1
  
  0066ce882b680471050a49ec800d32e47b3765ca
- SHA256
  
  d7c6eab85f93123d8bf4db0f5714d2d400d4f7fb93b1a79163ebaee7e72b515d
- SHA512
  
  a9e33a3bb0354f95db699a461060d777a952f68ca6bc847b17c9dc371e86d133167e4cc6f7274d035b1a52443a2f422bb6fe6101597df2a52599c6f4fb1c67b6
- SSDEEP
  
  12288:T3Y6TzFLuglAgA1X+H/5J0pQhc6LhTdWzqxRAdrvdgIdN/dgLAgLcSq6SOgICSaN:O
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2