d3c6e06204212c1aeeef29809460056535cba3beca8cf163b7c8719671ef0c9f | Triage

Sharing

General

Target

Xruxuu.js
Size

289KB
Sample

230519-q26esseb48
MD5

fde37c6a9854e6e367015ef155660261
SHA1

d4bbf0d5e72bcb0d0ca2344753b6b97cdc6d809b
SHA256

d3c6e06204212c1aeeef29809460056535cba3beca8cf163b7c8719671ef0c9f
SHA512

204dcf7546083662cfadbd61e48fed047ef893f19861c58723db3214d335f14910eb3079814eda60d3f2b8e1199f993e380c2b3edc084ddc913dfd6b04d881ef
SSDEEP

6144:ZvXUgy8006Aub+8wwiS5gd1ce82Ad4x000UE:Z/Ly

Score

8^/10

Malware Config

Targets

- Target
  
  Xruxuu.js
- Size
  
  289KB
- MD5
  
  fde37c6a9854e6e367015ef155660261
- SHA1
  
  d4bbf0d5e72bcb0d0ca2344753b6b97cdc6d809b
- SHA256
  
  d3c6e06204212c1aeeef29809460056535cba3beca8cf163b7c8719671ef0c9f
- SHA512
  
  204dcf7546083662cfadbd61e48fed047ef893f19861c58723db3214d335f14910eb3079814eda60d3f2b8e1199f993e380c2b3edc084ddc913dfd6b04d881ef
- SSDEEP
  
  6144:ZvXUgy8006Aub+8wwiS5gd1ce82Ad4x000UE:Z/Ly
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2