obj3ctivity | 944c7070cb77d937c9bae8c30a367b1c15b2f8951329cdb64d4b02a5e145ea44 | Triage

Sharing

General

Target

Enquiry-Dubai.js
Size

176KB
Sample

250204-1jn3xatmcx
MD5

acedc7bdca0d19b982bcf030c73599ed
SHA1

dc39301e166c50e7d9ac8128135a2370254d52c8
SHA256

944c7070cb77d937c9bae8c30a367b1c15b2f8951329cdb64d4b02a5e145ea44
SHA512

3b4b5ad27169fd67b52625c43bad6d62c01981e5c79cdff540f825456fe098568c5078b18eb2056bc7140ea5da9689135d6976ff4039dbaa74e85c4ea3c0c341
SSDEEP

1536:UgOYlGWHi69D3fO2pKAfsj5zRDzRnmZ6xE7EyxsZ0gaY9uBc4q0F5v5FKMUBYWOe:LOYcWHN9jO2pF4l96g3uBu0XRlcT

Score

10^/10

obj3ctivity collection discovery execution persistence privilege_escalation stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg

exe.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg

Targets

- Target
  
  Enquiry-Dubai.js
- Size
  
  176KB
- MD5
  
  acedc7bdca0d19b982bcf030c73599ed
- SHA1
  
  dc39301e166c50e7d9ac8128135a2370254d52c8
- SHA256
  
  944c7070cb77d937c9bae8c30a367b1c15b2f8951329cdb64d4b02a5e145ea44
- SHA512
  
  3b4b5ad27169fd67b52625c43bad6d62c01981e5c79cdff540f825456fe098568c5078b18eb2056bc7140ea5da9689135d6976ff4039dbaa74e85c4ea3c0c341
- SSDEEP
  
  1536:UgOYlGWHi69D3fO2pKAfsj5zRDzRnmZ6xE7EyxsZ0gaY9uBc4q0F5v5FKMUBYWOe:LOYcWHN9jO2pF4l96g3uBu0XRlcT
Score

10^/10

execution obj3ctivity collection discovery persistence privilege_escalation stealer
- Detects Obj3ctivity Stage1
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer
- Obj3ctivity family
  obj3ctivity
- Obj3ctivity, PXRECVOWEIWOEI
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer obj3ctivity
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer