General

  • Target: 08112024_0043_RECHN__3778.js.zip

  • Size: 11KB

  • Sample: 241108-a3d4ya1fqe

  • MD5: 902c82b942cd436ba36383d92b0d519b

  • SHA1: 1ec9b206b3492b4cdc20949ac67005b911f312f8

  • SHA256: 8151a20772ce49a7c2a494fe5a4efe75ec6d0edc38ace49ddec1c027e36ddde8

  • SHA512: 22299c0949b51106e17ee1b94cc81156421d8790430cb98f1e0a33fe0f177f645604b6f81ea72ccaf0b1a4b7bc1e00da19b13cac216ed193bae26820b30da897

  • SSDEEP: 192:9C+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipc:99tP0bgkA1HjZYG1G0xeh+OBVBgHl

Malware Config

Targets

    • Target: RECHN__3778.js

    • Size: 11KB

    • MD5: 622ed073989d08a15dc77c40cb8a3ed1

    • SHA1: 1b8d364b5ef571c306bc00697f10456b3c48b5ed

    • SHA256: 547943260e1cc19a3bb9535a712c05ec2fa2dba38c2db10541c146a3df77c687

    • SHA512: 82d01b51720b0a27312141d70f89d416fe0039e178cd0d04df8c01c78578f466eddcfaf62369f4d70d647ed4d0e41e5a920dad65266d3503074ec143ffe98c85

    • SSDEEP: 192:AC+hVJrSQ0bgkMnXH179aWZjZYGFvG0xHh8h+VABVBb5uvPdlvipv:A9tP0bgkA1HjZYG1G0xeh+OBVBgHC

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Boot or Logon Autostart Execution: Authentication Package

      Suspicious Windows Authentication Registry Modification.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks