General

  • Target

    19092024_0643_INVOICE 7632879527.js.zip

  • Size

    244KB

  • Sample

    240919-hg989awbrm

  • MD5

    6e465b4b7861b2fca38ed71e6f9993e6

  • SHA1

    c57ec9b248eb13c00a3d2391317bf3cc21a96465

  • SHA256

    c0acbf70e7b623d643dac71e8da2f4a18a5ba70777b3e2837dbff2cbcf09e2bb

  • SHA512

    a8f97cce58993c463614fe7ba4d99e97e806cb3bdd008cb558a32f696ab412f2513b199674d63c5188c572d0fea9d4095f2d22ecd13e199c87eadc4a2a7d8ffe

  • SSDEEP

    6144:hvSvfQebl3DierbBtHGGD+dPok2zHJjPgQpj+C5fTaN0p:hve3lue3BtH/IgtFp+CFnp

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    ps1.dropper: https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg

    exe.dropper: https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg

Targets

    • Target

      INVOICE 7632879527.js

    • Size

      597KB

    • MD5

      329d426755d7ab99cbc7acba0e18d100

    • SHA1

      231d354d1bf4a3440432e2c815eebd328aa941de

    • SHA256

      15e2210edd9c283e1cbf9f5cb74de5304e53b882c368abf9f5637e6d4743c5ca

    • SHA512

      2c9bb53e55fc442ea79690fbfe28f105eadb926a2fc85f63e96b9ed244981c2b2364f0a0d21eb12c0e27f97fb4463f9ea1bc8fb21dadbc62e487dbcdaa03b24d

    • SSDEEP

      12288:DaP9xPUyqAzjJ83ZXYFxdxC4WTpifTyVV5d5ROw8ArUSK5wQKgLQst05uxQEFP4Q:ysVJAgU2zyyFxZVU+vm

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
