Overview

overview

10

Static

static

1

Inquiry.js

windows7-x64

10

Inquiry.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Inquiry.js

  • Size

    162KB

  • Sample

    250115-kzlpqaxrcv

  • MD5

    459f759046d6def3f4524d28eab22476

  • SHA1

    46af0da70b77d98d4773023554dacc1f968b93a1

  • SHA256

    70a82edf7f26167e6b7df16d624d29d45fd220bb47b8407bc58ee6f7b8c822d3

  • SHA512

    f440b3263f621ddc3113084c7aa8a9acc876c19c97138f0c923d2a65f30203d3d4141f49bf0997b9426f60c42f667094d74e0e3f8fff2fabebf938fdd0cdf264

  • SSDEEP

    1536:DCd0yFOp29X3u7EWFOm3xE7E9GQ0c4RTXN4uzQ6VJYCkR5O+6puYszWTC4mKcAWy:DCdTFOE9OoWlN0XJzQ6VPk7yx

Score
10/10
obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://ia600805.us.archive.org/10/items/new_image_202501/new_image.jpg%20
exe.dropper

https://ia600805.us.archive.org/10/items/new_image_202501/new_image.jpg%20

Targets

    • Target

      Inquiry.js

    • Size

      162KB

    • MD5

      459f759046d6def3f4524d28eab22476

    • SHA1

      46af0da70b77d98d4773023554dacc1f968b93a1

    • SHA256

      70a82edf7f26167e6b7df16d624d29d45fd220bb47b8407bc58ee6f7b8c822d3

    • SHA512

      f440b3263f621ddc3113084c7aa8a9acc876c19c97138f0c923d2a65f30203d3d4141f49bf0997b9426f60c42f667094d74e0e3f8fff2fabebf938fdd0cdf264

    • SSDEEP

      1536:DCd0yFOp29X3u7EWFOm3xE7E9GQ0c4RTXN4uzQ6VJYCkR5O+6puYszWTC4mKcAWy:DCdTFOE9OoWlN0XJzQ6VPk7yx

    Score
    10/10
    executionobj3ctivitycollectiondiscoverypersistenceprivilege_escalationstealer

    • Detects Obj3ctivity Stage1

      Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

      stealer

    • Obj3ctivity family

      obj3ctivity

    • Obj3ctivity, PXRECVOWEIWOEI

      Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

      stealerobj3ctivity

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks