0470e2c93a445b1a2af681cb444a2fb828cfee64c43488c09587c562d97422ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Efoicla.js
Size

121KB
Sample

230523-mfvjmafg2v
MD5

00e995b6bed067d4999175a7b36929ee
SHA1

05c8917484e598adee46cc7de980873896debe1a
SHA256

0470e2c93a445b1a2af681cb444a2fb828cfee64c43488c09587c562d97422ed
SHA512

a3eedab86962b7cb866243cef2457547b8aeef0378d977b8b559691aecbbd51de27518bc7463b974909beded054b019c9da95b63776370bfde8094dedd5e2c09
SSDEEP

3072:GvwNrKLjkgkDVTQ/NzGj5r5kKB9iMrtRNlgJqzWbDlEp:GvwNrKLjxkDVTQ/NzGj5r5D9HrtRNlRj

Score

8^/10

Malware Config

Targets

- Target
  
  Efoicla.js
- Size
  
  121KB
- MD5
  
  00e995b6bed067d4999175a7b36929ee
- SHA1
  
  05c8917484e598adee46cc7de980873896debe1a
- SHA256
  
  0470e2c93a445b1a2af681cb444a2fb828cfee64c43488c09587c562d97422ed
- SHA512
  
  a3eedab86962b7cb866243cef2457547b8aeef0378d977b8b559691aecbbd51de27518bc7463b974909beded054b019c9da95b63776370bfde8094dedd5e2c09
- SSDEEP
  
  3072:GvwNrKLjkgkDVTQ/NzGj5r5kKB9iMrtRNlgJqzWbDlEp:GvwNrKLjxkDVTQ/NzGj5r5D9HrtRNlRj
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2