obj3ctivity | a367ebf98c40f810387c5485d083e4b7d0177046b67201af3dcfeb70b5e4e2bf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Purchase-Order.js

windows7-x64

Purchase-Order.js

windows10-2004-x64

Sharing

General

Target

Purchase-OrderM1.zip
Size

2KB
Sample

250219-ttfe7avkaq
MD5

d22b6421e15d2257ca4257b2fc80a7e6
SHA1

fc42cfac21fb823d8ba64549218a287594e4eabe
SHA256

a367ebf98c40f810387c5485d083e4b7d0177046b67201af3dcfeb70b5e4e2bf
SHA512

20818a94ae6e8b731e38bf98aa35dbf4900e91f8237b436d7e17b4fe4490c462a14f1d3ad8db297d97ab5fc7c0cb50aa29e9b9c8f6208f942769bca3fbae65c1

Score

10^/10

obj3ctivity collection discovery execution persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

Purchase-Order.js

Resource

win7-20240903-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase-Order.js

Resource

win10v2004-20250217-en

obj3ctivity collection discovery execution persistence privilege_escalation stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://3005.filemail.com/api/file/get?filekey=nIx_5T0LxHOBjilNb9CRviabPjrW2dlC-LxeOdJPF_Z_1MP6CuQBS5KcptA&pk_vid=342803d1cc4e3b801739359203b5fe9d

exe.dropper

https://3005.filemail.com/api/file/get?filekey=nIx_5T0LxHOBjilNb9CRviabPjrW2dlC-LxeOdJPF_Z_1MP6CuQBS5KcptA&pk_vid=342803d1cc4e3b801739359203b5fe9d

Targets

- Target
  
  Purchase-Order.js
- Size
  
  84KB
- MD5
  
  9365654ecf8a7829f0aa2d2b7d23ac34
- SHA1
  
  15f1d26d2c8298369f443398776ec2c7a60e6b22
- SHA256
  
  66a3a1836b0bf490bdcc66ff8bab7fc9ff210bbd646f1191d565f0d59be5cb1e
- SHA512
  
  f83d089d465c2f30bc233e6ec835455a9761f325bd74b97b50d9f15e9e554c88c8129bf978cfa4fe9faf1c4d60b661dc2e782503aaa88a596153aa66ddff16ef
- SSDEEP
  
  384:HZB5abmZB5abtZB5abdZB5abNZB5abtZB5abdZB5ab8ZB5abtZB5abdZB5ab+ZBc:TD
Score

10^/10

execution obj3ctivity collection discovery persistence privilege_escalation stealer
- Detects Obj3ctivity Stage1
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer
- Obj3ctivity family
  obj3ctivity
- Obj3ctivity, PXRECVOWEIWOEI
  Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.
  stealer obj3ctivity
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

obj3ctivitycollectiondiscoveryexecutionpersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy