66bab1e714aadb12dda8202071752bbcd64e7f3be961be05d252cd6b96d8c0b2 | Triage

Sharing

General

Target

31102024_0303_order.js.zip
Size

523KB
Sample

241031-dkdbgaycjb
MD5

262708881585fba036cd8842d966ebc5
SHA1

4cd449aa3d157169cff8ebdbb0e2df932febda12
SHA256

66bab1e714aadb12dda8202071752bbcd64e7f3be961be05d252cd6b96d8c0b2
SHA512

a36f37266d6154b46062b61092fdfe7f6c733f827f0fe843480cd6d6fb116341963b0c19db36d648a988e6e275eac187c18f1588866ef36ebbcd82a31945b71d
SSDEEP

1536:akMqTUdusRiVFwXsNJhSTAXjGdLywjaVon:akMqTUdu2KNJYmjGdLyZo

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  order.js
- Size
  
  213.4MB
- MD5
  
  6376d68402f9701827b296b0e32687ac
- SHA1
  
  e68a2738ae999a0bbac2cff1148b43ef2a6ff372
- SHA256
  
  8e04f169d134b85055a7dfabd827c30bd12de4e9cda62556066d33a31ef7c258
- SHA512
  
  4cdeeccbba4d4df7bfd434b9fa2fa0af4bfd0109ea3030f56fa3ca59e5f81d841b6d6bfcfe225cea65cc3c3b3e88793a759e667014943a0f19dbeb1f18c863c4
- SSDEEP
  
  3072:40PrWZtMkfiM6A2fTFwoqEdKi38VDf00PrWZtMkfiM6A:4HtMRAgJPK/f0HtMRA
Score

10^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2