87ec7ae8985a75396354ea6917cb53668ed0d416001bb77b559f6df5a6c7af94 | Triage

Sharing

General

Target

87ec7ae8985a75396354ea6917cb53668ed0d416001bb77b559f6df5a6c7af94.js
Size

195KB
Sample

250117-gtzslsvjas
MD5

5fc9235bda05fc24e7305c04ca36ec23
SHA1

2e83ad6567e2d87bffc6392e26aca3c9e3f00c5a
SHA256

87ec7ae8985a75396354ea6917cb53668ed0d416001bb77b559f6df5a6c7af94
SHA512

183f6c9325fb539721ed7bb70996691c3f4448a70fb0d293fcb79abcbb14b3cf732ddf24892a030541b8387f7ab5f76ee8f74a99db1a267ec996c939c8b8b89c
SSDEEP

3072:lW1tKbWXt+NWXt+NWXt+NWXt+NWXt+NWXt+kWXt+NWXt+NWXt+NWXt+NWXt+NWXC:o

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://desckvbrat.com.br/Upcrypter/02/Meu_primeiro_arquivo_de_texto.txt

exe.dropper

https://drive.google.com/uc?export=download&id=

exe.dropper

https://desckvbrat.com.br/Upcrypter/02/Meu_primeiro_arquivo_de_texto.txt

Targets

- Target
  
  87ec7ae8985a75396354ea6917cb53668ed0d416001bb77b559f6df5a6c7af94.js
- Size
  
  195KB
- MD5
  
  5fc9235bda05fc24e7305c04ca36ec23
- SHA1
  
  2e83ad6567e2d87bffc6392e26aca3c9e3f00c5a
- SHA256
  
  87ec7ae8985a75396354ea6917cb53668ed0d416001bb77b559f6df5a6c7af94
- SHA512
  
  183f6c9325fb539721ed7bb70996691c3f4448a70fb0d293fcb79abcbb14b3cf732ddf24892a030541b8387f7ab5f76ee8f74a99db1a267ec996c939c8b8b89c
- SSDEEP
  
  3072:lW1tKbWXt+NWXt+NWXt+NWXt+NWXt+NWXt+kWXt+NWXt+NWXt+NWXt+NWXt+NWXC:o
Score

10^/10

execution
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2