Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://158.69.36.15...

windows11-21h2-x64

Resubmissions

13/12/2024, 13:42

241213-qzv62szngy 10

12/12/2024, 18:20

241212-wytvgssnay 8

12/12/2024, 17:47

241212-wcwrys1qg1 7

12/12/2024, 17:04

241212-vldr3aspck 8

12/12/2024, 16:25

241212-txbw6szkhx 8

11/12/2024, 19:44

241211-yfvp6swkhv 8

09/12/2024, 19:12

241209-xwm5laxpbt 8

09/12/2024, 17:25

241209-vzfhtavngv 3

09/12/2024, 13:30

241209-qsbh3atnfp 3

08/12/2024, 20:49

241208-zl1n2stqas 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://158.69.36.15/files/estrouvinhar.js

  • Sample

    241212-wytvgssnay

Score
8/10
defense_evasiondiscoveryphishing

Malware Config

Targets

    • Target

      https://158.69.36.15/files/estrouvinhar.js

    Score
    8/10
    defense_evasiondiscoveryphishing

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

      phishing

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks