General
Target: 50ba244f113f398afc39ed760e2c3822fdc82147259e9846df5abab89cf8307f.js
Size: 52KB
Sample: 241121-fnae4aypez
MD5: b9f2fc5e874114e45330cad7b524476c
SHA1: f158badcc637d7d92efb7ef63a6f8783a886ac6b
SHA256: 50ba244f113f398afc39ed760e2c3822fdc82147259e9846df5abab89cf8307f
SHA512: dbbd63c7bd8b4a6723fd170e74e4c6532a6a89cca37c4580566585bb645711e7da05bfa37eb5ff7aac1683943b833bc4210a04959789e3e284d5d9dcf6e556a8
SSDEEP: 768:EGWR269T41RPhQ3uvuGNhUP9KU2c0WuPIFXRomYO:Jh6d4wcTMgyBomYO
Static task: static1
Behavioral task: behavioral1
  Sample: 50ba244f113f398afc39ed760e2c3822fdc82147259e9846df5abab89cf8307f.js
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 50ba244f113f398afc39ed760e2c3822fdc82147259e9846df5abab89cf8307f.js
  Resource: win10v2004-20241007-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\a.txt
Score: 10/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.