bd6ac7825dc6636af444e8eb64ca1344ff8544a572df6991b912d9588f9a8e6a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Eznrokqd.js
Size

231KB
Sample

230516-qq8qsaaa6t
MD5

b238e6b9499f97291480f7135b0b77a1
SHA1

ec7e0d67e839c0b47be4dad0e8ab250ca84e273f
SHA256

bd6ac7825dc6636af444e8eb64ca1344ff8544a572df6991b912d9588f9a8e6a
SHA512

740828475b4e9d85b04f1f63e8ab396adb3eb3669a0118af5a8e7a075b0ff616cf0abf80adadc19f305acf95137daaae235f83ad0117c938a56ade8746227840
SSDEEP

3072:5sCrTLGytSZYqEhzSDx8JdS9nKXv1BKyWoXglvd9XbBJdgg03Rsd0IS6:+APSZYXmqdaKXvqyWoXgdw3Rsyx6

Score

8^/10

Malware Config

Targets

- Target
  
  Eznrokqd.js
- Size
  
  231KB
- MD5
  
  b238e6b9499f97291480f7135b0b77a1
- SHA1
  
  ec7e0d67e839c0b47be4dad0e8ab250ca84e273f
- SHA256
  
  bd6ac7825dc6636af444e8eb64ca1344ff8544a572df6991b912d9588f9a8e6a
- SHA512
  
  740828475b4e9d85b04f1f63e8ab396adb3eb3669a0118af5a8e7a075b0ff616cf0abf80adadc19f305acf95137daaae235f83ad0117c938a56ade8746227840
- SSDEEP
  
  3072:5sCrTLGytSZYqEhzSDx8JdS9nKXv1BKyWoXglvd9XbBJdgg03Rsd0IS6:+APSZYXmqdaKXvqyWoXgdw3Rsyx6
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2