cdf04ce70a7d1303b77cfa25eae0d0e9b114bdec69c15774bfb6745319dfda6d

General

Target

Nt_fa24628e-573c-423d-8c6a-8b2fb5f5c75b-ysA.js
Size

49KB
Sample

230322-v3x72aad27
MD5

30fc96e1b14e130e2413f6032960968d
SHA1

576f50fc1f64a07f8cd2abd197fe009c484d7ef0
SHA256

cdf04ce70a7d1303b77cfa25eae0d0e9b114bdec69c15774bfb6745319dfda6d
SHA512

0aec7df88677b9f8828c2cd7e842eeeac9b2b8bcd62f56c47fe0f5373e4b16a6c80fade178883861de9d189e7733ed968a14e9cfb0fdbbafd7b332b689b8e39f
SSDEEP

768:4tblGvwyCadXP1Q9q1uvvIAY7qyXRgHS7VInm45UHDuiOa7S6sX5WCYH:4tbovw1adfNQv2KcVDuilcPYH

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://203.96.177.121/FIvB5lhB.dathttp://195.20.17.142/FIvB5lhB.dathttp://185.231.204.114/FIvB5lhB.dathttp://87.236.146.162/FIvB5lhB.dathttp://151.80.5.50/FIvB5lhB.dathttp://139.180.209.206/FIvB5lhB.dat

Targets

- Target
  
  Nt_fa24628e-573c-423d-8c6a-8b2fb5f5c75b-ysA.js
- Size
  
  49KB
- MD5
  
  30fc96e1b14e130e2413f6032960968d
- SHA1
  
  576f50fc1f64a07f8cd2abd197fe009c484d7ef0
- SHA256
  
  cdf04ce70a7d1303b77cfa25eae0d0e9b114bdec69c15774bfb6745319dfda6d
- SHA512
  
  0aec7df88677b9f8828c2cd7e842eeeac9b2b8bcd62f56c47fe0f5373e4b16a6c80fade178883861de9d189e7733ed968a14e9cfb0fdbbafd7b332b689b8e39f
- SSDEEP
  
  768:4tblGvwyCadXP1Q9q1uvvIAY7qyXRgHS7VInm45UHDuiOa7S6sX5WCYH:4tbovw1adfNQv2KcVDuilcPYH
Score

10^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2