Extracted

• • Target

    0b44b661974b43ec8eac1f352951cb1f9fc703bbbbbd0e57a38e118b5d1524ec.js

  • Size

    175KB

  • MD5

    bfacd543f1c8ed0bbbb56d4ee2163b27

  • SHA1

    f752d970c3e8c41c9c1bc42443c378d3353c3511

  • SHA256

    0b44b661974b43ec8eac1f352951cb1f9fc703bbbbbd0e57a38e118b5d1524ec

  • SHA512

    c23f6307a4754d9138d839af693d2ff02c5c49fa6cb38d7deaaf636b79d2986beb059c805a6ffae7ccc948fcf5225368c4773cbb02ea63aa347c9842418dbfa8

  • SSDEEP

    3072:IzkhJXA9AyzShrbV8QauBNA96q0rvY4FDKj:IIPrbV8JKkj

  Score

  10^/10

  executionobj3ctivitycollectiondiscoverypersistenceprivilege_escalationstealer

  • Detects Obj3ctivity Stage1

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealer

  • Obj3ctivity family

    obj3ctivity

  • Obj3ctivity, PXRECVOWEIWOEI

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealerobj3ctivity

  • Blocklisted process makes network request

  • Accesses Microsoft Outlook profiles

    collection

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2