5fe6e302d0108bb3accb37d26a576934b1174ddc82c450a437cb401cce3f3a19 | Triage

Sharing

General

Target

Dodtczlo.js
Size

125KB
Sample

230523-c4w29aed3x
MD5

cac7079e9b72c0dfa921177770d3aa72
SHA1

1beccf5f0fcf312008ed6b244b048717a8a58473
SHA256

5fe6e302d0108bb3accb37d26a576934b1174ddc82c450a437cb401cce3f3a19
SHA512

92ef10e8cef5661bcc697fd7a90abcdff7e1f738b664d2426319effa5ea7fed4fecca74a52a919438746c8035c0aaebfc2ef824a109e64274525807cdd2a6a58
SSDEEP

3072:1mLMmCma5byxfDDYjAgxPgnevqR7Ds0zf/ip7NXpuG8M:1yxfDDYjAkP27aV8M

Score

8^/10

Malware Config

Targets

- Target
  
  Dodtczlo.js
- Size
  
  125KB
- MD5
  
  cac7079e9b72c0dfa921177770d3aa72
- SHA1
  
  1beccf5f0fcf312008ed6b244b048717a8a58473
- SHA256
  
  5fe6e302d0108bb3accb37d26a576934b1174ddc82c450a437cb401cce3f3a19
- SHA512
  
  92ef10e8cef5661bcc697fd7a90abcdff7e1f738b664d2426319effa5ea7fed4fecca74a52a919438746c8035c0aaebfc2ef824a109e64274525807cdd2a6a58
- SSDEEP
  
  3072:1mLMmCma5byxfDDYjAgxPgnevqR7Ds0zf/ip7NXpuG8M:1yxfDDYjAkP27aV8M
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2