General

  • Target

    21092024_0111_16092024_Purchase Order . September Deelivery.zip

  • Size

    245KB

  • Sample

    240921-bj8pwaxhrg

  • MD5

    181a877636f53d53aa99ff25e87f9188

  • SHA1

    45da9ea19b76365ebb9fbd5fcee9bc2c012c08ff

  • SHA256

    a9c5c01d0705146e44393b597a5822ea87e48c8cbd43dbf69e9228af4511584f

  • SHA512

    c77773d41136998e0253b3459ce5a7175b2bcc7528e1d1812403b5b71ca80f03e7290de706dc4ca7d819db045bbbc98d1c1debc605276f3ff5fd113b91c462fc

  • SSDEEP

    6144:g2m8MzAmTH/KrTtz0yRpGmyaP3gCVdddD3fPPrIV2qM:1lEAWSqspxfvV

  • Score

    10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    ps1.dropper

    https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt

    exe.dropper

    https://ia904601.us.archive.org/6/items/detah-note-j/DetahNoteJ.txt

Targets

    • Target

      Purchase Order . September Deelivery.js

    • Size

      602KB

    • MD5

      c99eede8df6223c9f608dbc64dee57ff

    • SHA1

      a6df986b275fabe045dda8b6d3d34c3cd7640aad

    • SHA256

      574403dce45be3a5edec18e66f16fef5e013ce99c7713479ab67c11e6f472330

    • SHA512

      b68bd89a6a06b3f33b923898bbdeb95bb796ee2be1733bc94758006f67d7fa0a596fea889545c8ddf1d3b2049f662d4b0c5e99d38aef3eaa81d445babf6b10ea

    • SSDEEP

      12288:o2QfMbARmlPDpIZDA48VcnheZB4HGLUtc0riOhuuMtn2kqZrjCU87cG/Q12oaCMs:X7GZiwzx1ZLwLsD

    • Score

      10/10

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks