Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.albuspsi...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://www.albuspsikoloji.com.tr/2025%20inquiry.js

  • Sample

    250204-klpt8asrfj

Score
10/10
obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg
exe.dropper

https://res.cloudinary.com/daxwua63y/image/upload/v1738334533/alcb4htolzvfhzzufqh5.jpg

Targets

    • Target

      https://www.albuspsikoloji.com.tr/2025%20inquiry.js

    Score
    10/10
    obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer

    • Detects Obj3ctivity Stage1

      Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

      stealer

    • Obj3ctivity family

      obj3ctivity

    • Obj3ctivity, PXRECVOWEIWOEI

      Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

      stealerobj3ctivity

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks