General

  • Target

    19092024_0644_PO No.7500011330.js.gz

  • Size

    233KB

  • Sample

    240919-hhjspavhph

  • MD5

    1302f9d26be7e3f0ab5df5eb8370f64d

  • SHA1

    e96fd51d97ff37e069fef874692656457d3d7c51

  • SHA256

    b7c01a5a9f1ee5788c80fa1bb233afbe3827365cf19ff63f0f71b5bc731b5096

  • SHA512

    375e3b260aaf88bbec269038f307287aa5138234f7fb82db3e0d2fc413e1cd815c0e086254e1116fd9274c566c61ed35c456be86384d5fa92c6d4222c1aca7ba

  • SSDEEP

    6144:xmH4M+MeW2HZ3CB+Rcxpmh13cCv0P8lSLaKvLbGD:xmhRlC0g1DvVwRfq

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt

    exe.dropper
    https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt

Targets

    • Target

      PO No.7500011330.js

    • Size

      601KB

    • MD5

      2775b43e1e9b8e237f506cc02c0dfd9e

    • SHA1

      0816358f326556470110ded8e13e3409ab46ec4c

    • SHA256

      92e24621f961d0095911956dbe9a6400feb59a324cbb0994ae1290b2a2045b13

    • SHA512

      a41baead687120db6017b800d09604e3b53113c229a5fcf18d7a7d1b1f3f05319e0239d160150bcf4b01caff7989829d6730ae0c728d793641f09bb0347c97d0

    • SSDEEP

      12288:Dvf0MG9e5BJXO6fU68Mkf/r3z0jUJPjjids+hXhGjpLJCZgywlrzvR6tNhEY8vTi:hTEt3Y1ZaXc

    Score
    10/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v15