25755ce790982f3dbd809c79372aac4e53b1c360cbbebe216090a9cd641dbbc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dlai.js
Size

122KB
Sample

230523-d9xreadf83
MD5

8560603c7f730c6c8d94c3ba533926cf
SHA1

e68a887e333abfa918c964864bb0e5afe472064c
SHA256

25755ce790982f3dbd809c79372aac4e53b1c360cbbebe216090a9cd641dbbc7
SHA512

6bff4c8744c25d2f9f784c4b9a7293800326fc06880ac0b96b59f2f5fa42434ffddc981cf337e2a89d387bd4551534acb6d09b41fc814819f2eccc74fe453f54
SSDEEP

3072:QLymHImAuwggR/J4l1W8B5pVHPliM0GJdHM:QGmHITuwgg/AHM

Score

8^/10

Malware Config

Targets

- Target
  
  Dlai.js
- Size
  
  122KB
- MD5
  
  8560603c7f730c6c8d94c3ba533926cf
- SHA1
  
  e68a887e333abfa918c964864bb0e5afe472064c
- SHA256
  
  25755ce790982f3dbd809c79372aac4e53b1c360cbbebe216090a9cd641dbbc7
- SHA512
  
  6bff4c8744c25d2f9f784c4b9a7293800326fc06880ac0b96b59f2f5fa42434ffddc981cf337e2a89d387bd4551534acb6d09b41fc814819f2eccc74fe453f54
- SSDEEP
  
  3072:QLymHImAuwggR/J4l1W8B5pVHPliM0GJdHM:QGmHITuwgg/AHM
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2