obj3ctivity | 0b44b661974b43ec8eac1f352951cb1f9fc703bbbbbd0e57a38e118b5d1524ec | Triage

Sharing

General

Target

Enquiry-Dubai.js
Size

175KB
Sample

250129-xkrzeawpas
MD5

bfacd543f1c8ed0bbbb56d4ee2163b27
SHA1

f752d970c3e8c41c9c1bc42443c378d3353c3511
SHA256

0b44b661974b43ec8eac1f352951cb1f9fc703bbbbbd0e57a38e118b5d1524ec
SHA512

c23f6307a4754d9138d839af693d2ff02c5c49fa6cb38d7deaaf636b79d2986beb059c805a6ffae7ccc948fcf5225368c4773cbb02ea63aa347c9842418dbfa8
SSDEEP

3072:IzkhJXA9AyzShrbV8QauBNA96q0rvY4FDKj:IIPrbV8JKkj

Score

10^/10

obj3ctivity collection discovery execution persistence privilege_escalation stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1737696171/heke2pmteuw8sqsplhkl.jpg

exe.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1737696171/heke2pmteuw8sqsplhkl.jpg

Targets

- Target
  
  Enquiry-Dubai.js
- Size
  
  175KB
- MD5
  
  bfacd543f1c8ed0bbbb56d4ee2163b27
- SHA1
  
  f752d970c3e8c41c9c1bc42443c378d3353c3511
- SHA256
  
  0b44b661974b43ec8eac1f352951cb1f9fc703bbbbbd0e57a38e118b5d1524ec
- SHA512
  
  c23f6307a4754d9138d839af693d2ff02c5c49fa6cb38d7deaaf636b79d2986beb059c805a6ffae7ccc948fcf5225368c4773cbb02ea63aa347c9842418dbfa8
- SSDEEP
  
  3072:IzkhJXA9AyzShrbV8QauBNA96q0rvY4FDKj:IIPrbV8JKkj
Score

10^/10

execution obj3ctivity collection discovery persistence privilege_escalation stealer
- Detects Obj3ctivity Stage1
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer
- Obj3ctivity family
  obj3ctivity
- Obj3ctivity, PXRECVOWEIWOEI
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer obj3ctivity
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer