e426756ac2d4a65e532409c93a2ca8627cc366f5f9ef1908abe5c6d800005617 | Triage

Resubmissions

02/10/2024, 15:50

241002-tacvysyamf 10

03/09/2024, 04:46

240903-fd47qayelc 10

Sharing

Copy URL Twitter E-mail

General

Target

1ad5b90e-4fa1-45a5-92ed-08dcc783013a.js
Size

616KB
Sample

241002-tacvysyamf
MD5

d36cc2ce2007f9d2c86bdec8a230cbb6
SHA1

cde6076930e82d0afa8dedb41ddeaa3ab36376cb
SHA256

e426756ac2d4a65e532409c93a2ca8627cc366f5f9ef1908abe5c6d800005617
SHA512

a346399dbfcabcc199ed01090144ec26a0e1c943640d2558b72804b75b3b47cb752d200c9fa7f21b6c868d123dd29405b2a4482b9f8d721b0e41c27744eca8ab
SSDEEP

12288:QnYQOtngy3RWFstYxeHUhaPUQDg4BTN6uDTUVkEeP1uM4VWATAUHzHIBn1aw4RFt:NpOefF5gijMT

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg

exe.dropper

https://ia601606.us.archive.org/10/items/deathnote_202407/deathnote.jpg

Targets

- Target
  
  1ad5b90e-4fa1-45a5-92ed-08dcc783013a.js
- Size
  
  616KB
- MD5
  
  d36cc2ce2007f9d2c86bdec8a230cbb6
- SHA1
  
  cde6076930e82d0afa8dedb41ddeaa3ab36376cb
- SHA256
  
  e426756ac2d4a65e532409c93a2ca8627cc366f5f9ef1908abe5c6d800005617
- SHA512
  
  a346399dbfcabcc199ed01090144ec26a0e1c943640d2558b72804b75b3b47cb752d200c9fa7f21b6c868d123dd29405b2a4482b9f8d721b0e41c27744eca8ab
- SSDEEP
  
  12288:QnYQOtngy3RWFstYxeHUhaPUQDg4BTN6uDTUVkEeP1uM4VWATAUHzHIBn1aw4RFt:NpOefF5gijMT
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1