General
Target: TBSU0023.js
Size: 14KB
Sample: 220131-s3715aabg9
MD5: b5b778f78c652868c80297c5c45336f5
SHA1: 08aef4a259b4c32f4c80ade3554671b13d5ecc79
SHA256: 83c05a4ef168de42af9bf42af177225df46bec21e49e7d48b8bef3ab7d23a262
SHA512: b25d5e68876a01a11869316c24faf92d44d17da8783dc2d2c48e6b3c7bdabfc44e5fbb9e5152c8caa10d474439a111c12f809068326d3e99199917ed76edaf2b
Static task: static1
Behavioral task: behavioral1 (Sample: TBSU0023.js, Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: TBSU0023.js, Resource: win10v2004-en-20220113)
Malware Config
Targets
Target: TBSU0023.js
Score: 10/10
Blocklisted process makes network request
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Adds Run key to start application