dc36596d6ace2aa7441008804d0b9bc036e0b6a1d5c6c4c257ef184142d7a4c7 | Triage

Sharing

General

Target

Nhefxoc.js
Size

119KB
Sample

230523-gnvlpseh3t
MD5

647c5fb35e1434925ea310f873cd80a4
SHA1

dfc00f641809277c84a3d1bd1d8d83ed647834e2
SHA256

dc36596d6ace2aa7441008804d0b9bc036e0b6a1d5c6c4c257ef184142d7a4c7
SHA512

2861031bb38c3797f9a2439875943f5b11b520555e51a78ab2847a49fd9c8f51554fe715a2feea6ee03fdbcb4e85d47a1e54e3245fec0420ad387cb4cd8df849
SSDEEP

3072:s0eysfZpi8EG5rxSGvYMMkbaLdemQ5znSmWRBm/rf6KrPW+UTLaHhSarIvtM:KaWSMZbaRrimIfHCYMS

Score

8^/10

Malware Config

Targets

- Target
  
  Nhefxoc.js
- Size
  
  119KB
- MD5
  
  647c5fb35e1434925ea310f873cd80a4
- SHA1
  
  dfc00f641809277c84a3d1bd1d8d83ed647834e2
- SHA256
  
  dc36596d6ace2aa7441008804d0b9bc036e0b6a1d5c6c4c257ef184142d7a4c7
- SHA512
  
  2861031bb38c3797f9a2439875943f5b11b520555e51a78ab2847a49fd9c8f51554fe715a2feea6ee03fdbcb4e85d47a1e54e3245fec0420ad387cb4cd8df849
- SSDEEP
  
  3072:s0eysfZpi8EG5rxSGvYMMkbaLdemQ5znSmWRBm/rf6KrPW+UTLaHhSarIvtM:KaWSMZbaRrimIfHCYMS
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2