21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3 | Triage

Sharing

General

Target

21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3.js
Size

120KB
Sample

241017-bmma2sxepq
MD5

c654511bc71143604fa59947da8225bf
SHA1

11cb2a2983a22a64b7a822a9b0c484dc1dd5d1e9
SHA256

21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3
SHA512

a646b7e6b4f16390a61399531ca0b5611602020c98084f8e65ca93e1c335bb1416a7054456217287a33f31d8e54ad8e66125ca7e8ddb87daf7de0f065ae79693
SSDEEP

1536:5dgBlOFpdq7MkzYWELraVId79UuxMoMxMUOIVSq41M2twpJS7fZ134Sm:+YFp0wq

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=

Targets

- Target
  
  21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3.js
- Size
  
  120KB
- MD5
  
  c654511bc71143604fa59947da8225bf
- SHA1
  
  11cb2a2983a22a64b7a822a9b0c484dc1dd5d1e9
- SHA256
  
  21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3
- SHA512
  
  a646b7e6b4f16390a61399531ca0b5611602020c98084f8e65ca93e1c335bb1416a7054456217287a33f31d8e54ad8e66125ca7e8ddb87daf7de0f065ae79693
- SSDEEP
  
  1536:5dgBlOFpdq7MkzYWELraVId79UuxMoMxMUOIVSq41M2twpJS7fZ134Sm:+YFp0wq
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2