b2c9c980b859ca6e86c9a8026ae648aaa793b4e2578c264ac94e750b8d98a5ad | Triage

Resubmissions

22/05/2023, 21:40

230522-1jbsksdf2y 8

22/05/2023, 19:21

230522-x2sl9sch9v 8

22/05/2023, 19:14

230522-xx4hzach71 8

Sharing

General

Target

Ncoyo.js
Size

121KB
Sample

230522-xx4hzach71
MD5

bb5974712910a17e13c39ab49bad71b0
SHA1

ea083e1f42e7da533d5083a9092a5ea90507a983
SHA256

b2c9c980b859ca6e86c9a8026ae648aaa793b4e2578c264ac94e750b8d98a5ad
SHA512

435d0e27d6e95bb57e962f28b8e85fe3b65ea2d9af6aa17edd5464fd6eee4eebcc9df894cb17884212cfada44beccf147ed48101955bb4628ca6e7597bea9847
SSDEEP

3072:m5vB5iYTC1THEkFxsnyQ6Lr6ZIi/kjJg8YDoV2VoFSbymtCfasGOpj9:JfEyJKgQCiS9

Score

8^/10

Malware Config

Targets

- Target
  
  Ncoyo.js
- Size
  
  121KB
- MD5
  
  bb5974712910a17e13c39ab49bad71b0
- SHA1
  
  ea083e1f42e7da533d5083a9092a5ea90507a983
- SHA256
  
  b2c9c980b859ca6e86c9a8026ae648aaa793b4e2578c264ac94e750b8d98a5ad
- SHA512
  
  435d0e27d6e95bb57e962f28b8e85fe3b65ea2d9af6aa17edd5464fd6eee4eebcc9df894cb17884212cfada44beccf147ed48101955bb4628ca6e7597bea9847
- SSDEEP
  
  3072:m5vB5iYTC1THEkFxsnyQ6Lr6ZIi/kjJg8YDoV2VoFSbymtCfasGOpj9:JfEyJKgQCiS9
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2