obj3ctivity | 6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a | Triage

Submit
Reports

Overview

overview

Static

static

1

6da74e92c7...2a.vbs

windows7-x64

6da74e92c7...2a.vbs

windows10-2004-x64

Resubmissions

02-10-2024 03:28

241002-d1ty6avejr 10

02-10-2024 03:25

241002-dym3tsvdlk 10

Sharing

General

Target

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs
Size

504KB
Sample

241002-dym3tsvdlk
MD5

73116ddf40456b41c6b35023bc02e781
SHA1

037b869900d0474bf7603b8fbe3401f517f52117
SHA256

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a
SHA512

f60cbe6234371aacd3f42f87db8ea04cc3b982d9c356db5a1e0fa3959268c0aa8e78e4c059feac1619348a3453e55c3386e096812d2a4a6d61aca5cc99007be3
SSDEEP

12288:VS57Wp1MYi6qsGrA2OGLmeq0wM/l1d0FUvoExHRbb4XJb7q5cPT+EmJu6X:VC6X0T5VnpJ4Za

Score

10^/10

obj3ctivity collection discovery execution persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs

Resource

win10v2004-20240802-en

obj3ctivity collection discovery execution persistence privilege_escalation stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

exe.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Targets

- Target
  
  6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a.vbs
- Size
  
  504KB
- MD5
  
  73116ddf40456b41c6b35023bc02e781
- SHA1
  
  037b869900d0474bf7603b8fbe3401f517f52117
- SHA256
  
  6da74e92c740c4443c54a8243037d0a2d9fac8f34764d1a86933063e5790ef2a
- SHA512
  
  f60cbe6234371aacd3f42f87db8ea04cc3b982d9c356db5a1e0fa3959268c0aa8e78e4c059feac1619348a3453e55c3386e096812d2a4a6d61aca5cc99007be3
- SSDEEP
  
  12288:VS57Wp1MYi6qsGrA2OGLmeq0wM/l1d0FUvoExHRbb4XJb7q5cPT+EmJu6X:VC6X0T5VnpJ4Za
Score

10^/10

execution obj3ctivity collection discovery persistence privilege_escalation stealer
- Detects Obj3ctivity Stage1
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer
- Obj3ctivity, PXRECVOWEIWOEI
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer obj3ctivity
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy