6263f21a78d91a8de6b1ce6ec3ae389ad194bfc37b309240994bc03cc6d7d107 | Triage

Sharing

General

Target

Fattura10415048.js.zip
Size

10KB
Sample

250120-k9p5wsskht
MD5

2cf189a744482ee2778b0f28e9aeec0a
SHA1

ff86630b3a9fd983a39b343e3476c88880abd22d
SHA256

6263f21a78d91a8de6b1ce6ec3ae389ad194bfc37b309240994bc03cc6d7d107
SHA512

23bbdaceda04b4bba4051676c471af89999298f96ed2a959fbbf0d26e16a0b7028d82bb55266d419966fe3053059a846943e1cf90ef82728460d6aa3dc2664ed
SSDEEP

192:c5FXkHtZSjR4TVtSQucsDGbGFZVO738uAfUBaEykGVnHU/N/YV9q7NdA6JQKT7mR:cLXkHtZSmVtSQzsZVg3UfUBb+h2NG6av

Score

8^/10

execution

Malware Config

Targets

- Target
  
  Fattura10415048.js.bin
- Size
  
  692KB
- MD5
  
  5edb1e3c82853d7542e85bc9f336dce3
- SHA1
  
  1d3c891ecaa3d83477d9497b5db5bc390617b6e0
- SHA256
  
  ebdd0c6f2ecf449623ba004d2a4535daec49a480d7b12b37749fb7fc09f84079
- SHA512
  
  8783180ccaccf8f3a6dc2bd0d84786496af28dbad5e99a7cb940c7cb3ef8a2cd37977e795e4a1134a3bb3a686cf904363af53f4fb38db6485329ce99c12df3ce
- SSDEEP
  
  768:TbpQ4zpRpZabpQ4zpRpsDalEpQ4zpRSDakDa3a+DarpQ4zpRFpQ4zpRKpQ4zpRcw:1
Score

8^/10

execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2