5e85a2211a95c499adf2c756490957eb0bfd64a815bd4a54fbc3c01ab63dcd88 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ktevbu.js
Size

198KB
Sample

230516-26q2fsch99
MD5

d2ee614c910b026e9f5e2a906234f874
SHA1

e603a69615a54932ff34bfb80f6cfc206e12500b
SHA256

5e85a2211a95c499adf2c756490957eb0bfd64a815bd4a54fbc3c01ab63dcd88
SHA512

80ec3b9c264b73d48d14c7a1d6366a88a1422c94b8267a70f424c1c9e77c6033c76c0305313b7c86d829f77d25c4b22d60598a1047f2516d59fc2216d29f8fe4
SSDEEP

6144:okZueA+/YvzyxmvDg7TYQLGAmm0URxw5zJEmt0js:evAm7

Score

8^/10

Malware Config

Targets

- Target
  
  Ktevbu.js
- Size
  
  198KB
- MD5
  
  d2ee614c910b026e9f5e2a906234f874
- SHA1
  
  e603a69615a54932ff34bfb80f6cfc206e12500b
- SHA256
  
  5e85a2211a95c499adf2c756490957eb0bfd64a815bd4a54fbc3c01ab63dcd88
- SHA512
  
  80ec3b9c264b73d48d14c7a1d6366a88a1422c94b8267a70f424c1c9e77c6033c76c0305313b7c86d829f77d25c4b22d60598a1047f2516d59fc2216d29f8fe4
- SSDEEP
  
  6144:okZueA+/YvzyxmvDg7TYQLGAmm0URxw5zJEmt0js:evAm7
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2