General

- Target: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
- Size: 199KB
- Sample: 241017-bc7h8stbma
- MD5: aa597f36329d08510090f6340995538a
- SHA1: 096af4879ef8ee00c5e441670f6b3e4a94b010f4
- SHA256: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6
- SHA512: c880c3f2f0d3eb70f39b50f8b5f7307a35f6f52318237f76cee209865f6de7d0c3e869e5697254bbf74f744368847f4af3b9e5fb9a9fd60fb30f15e6b33a3c3f
- SSDEEP: 6144:KQZlI75f7+TvI341Sz+7mgPe0RnX+FJlUR+mxR6LO5BGu+BVvvKBl7EDB0F52fzy:Z8LmB6tD7iFSg
Static task

- static1

Behavioral task

- behavioral1
  - Sample: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
  - Resource: win7-20241010-en
- behavioral2
  - Sample: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
  - Resource: win10v2004-20241007-en
Malware Config

Targets

- Target: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6.js
- Size: 199KB
- MD5: aa597f36329d08510090f6340995538a
- SHA1: 096af4879ef8ee00c5e441670f6b3e4a94b010f4
- SHA256: 002b815349c937aa5742a14d349dbc841c7348990e21a42fe7a503a5bfa562a6
- SHA512: c880c3f2f0d3eb70f39b50f8b5f7307a35f6f52318237f76cee209865f6de7d0c3e869e5697254bbf74f744368847f4af3b9e5fb9a9fd60fb30f15e6b33a3c3f
- SSDEEP: 6144:KQZlI75f7+TvI341Sz+7mgPe0RnX+FJlUR+mxR6LO5BGu+BVvvKBl7EDB0F52fzy:Z8LmB6tD7iFSg
Score: 10/10

Signatures

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Execution

- Command and Scripting Interpreter (1)
  - JavaScript (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)

Persistence

- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)