db05c7e247d0a1a64c74a3e5dea2ed7b2b7e4c59c9344e23d852841fc86ee5c9 | Triage

Sharing

General

Target

hysterocrystall.js
Size

258KB
Sample

230525-hfsyksgh2z
MD5

ee5f6a2f511d04c2bfcce4f56cf7e51d
SHA1

73b9aa52792f9413a329d7587c299d29d799e549
SHA256

db05c7e247d0a1a64c74a3e5dea2ed7b2b7e4c59c9344e23d852841fc86ee5c9
SHA512

797419d1e8524e2cf661d3696bd22a39d3af642c423d40b33275f1a8487481c51591e3a4d4d3cf8f4f1a8775fcc837a03df0683dd0b10431a22f570cb7365996
SSDEEP

3072:yHpEjlMSlxMQ1zyY6freW+Kz5eDn1ZiD6xAwEinxpHZWfpKxUOlY0:kK2Y6TN+EeDnHBxAwEinxpQKxUOlY0

Score

8^/10

Malware Config

Targets

- Target
  
  hysterocrystall.js
- Size
  
  258KB
- MD5
  
  ee5f6a2f511d04c2bfcce4f56cf7e51d
- SHA1
  
  73b9aa52792f9413a329d7587c299d29d799e549
- SHA256
  
  db05c7e247d0a1a64c74a3e5dea2ed7b2b7e4c59c9344e23d852841fc86ee5c9
- SHA512
  
  797419d1e8524e2cf661d3696bd22a39d3af642c423d40b33275f1a8487481c51591e3a4d4d3cf8f4f1a8775fcc837a03df0683dd0b10431a22f570cb7365996
- SSDEEP
  
  3072:yHpEjlMSlxMQ1zyY6freW+Kz5eDn1ZiD6xAwEinxpHZWfpKxUOlY0:kK2Y6TN+EeDnHBxAwEinxpQKxUOlY0
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2