General

  • Target

    Lana_Rhoades_Photoos.js

  • Size

    548KB

  • Sample

    241031-vjm8qasanp

  • MD5

    ae498935d8a61b3008bd9393a2306dec

  • SHA1

    b1858655d705e14c01cec8d008c3f3db0a09807b

  • SHA256

    401f183d5553d4f01ff3a4df33524f39faa6138f40afb570300ae41ca31efc08

  • SHA512

    8d9830e5ff3f09099ac1e1af2a585cad2a2ad287b75117741d5f940dc2dd934e7046d17881c93b0398917d1f42a9208ab17bede62a594b1a12997d2bba660a8b

  • SSDEEP

    3072:0F8F8F8F8F8F8F8F8F8F8F8F8F8FjFoFoFoFoFoFoFoFoFoFoFoFoFoFoFoFoFod:X7HlvYPobr777lvrFI

Score
10/10

Malware Config

  • Extracted

    Language: ps1 (deobfuscated)

  • URLs

    ps1.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
