3007338587f6d6b6d48fb333952793f71e03aeeb78fce04f786b6d9e85710815 | Triage

Sharing

General

Target

Zytt.js
Size

121KB
Sample

230523-alyf9aea2y
MD5

c850651f2ac1531a286beca45428864b
SHA1

198ba59832a289a8859518e258c17d37deed764d
SHA256

3007338587f6d6b6d48fb333952793f71e03aeeb78fce04f786b6d9e85710815
SHA512

b3c215892a674c983b2ada36331952b37659b827a15fa42d520045b8f0a2601aca5ef2c7eae56d978aa1462b24411c05c7a1bb94dc5e7aa50b992eb9d39e01c1
SSDEEP

3072:4nTRzg4JuI0gdgKkTnb42Y4UZAxmwiaWgrE77j:cJ1uI002p9ryj

Score

8^/10

Malware Config

Targets

- Target
  
  Zytt.js
- Size
  
  121KB
- MD5
  
  c850651f2ac1531a286beca45428864b
- SHA1
  
  198ba59832a289a8859518e258c17d37deed764d
- SHA256
  
  3007338587f6d6b6d48fb333952793f71e03aeeb78fce04f786b6d9e85710815
- SHA512
  
  b3c215892a674c983b2ada36331952b37659b827a15fa42d520045b8f0a2601aca5ef2c7eae56d978aa1462b24411c05c7a1bb94dc5e7aa50b992eb9d39e01c1
- SSDEEP
  
  3072:4nTRzg4JuI0gdgKkTnb42Y4UZAxmwiaWgrE77j:cJ1uI002p9ryj
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2