59fc0678c8b19288b2dd685052b3b22c84769ecd6c6d383fb2475b2492758858 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

minnesotans.js
Size

279KB
Sample

230525-hjng9sgh5y
MD5

55b6519fc314dce39daef84bee46e367
SHA1

5e791803cf28d4e46722232312b185a4bcbaf0df
SHA256

59fc0678c8b19288b2dd685052b3b22c84769ecd6c6d383fb2475b2492758858
SHA512

1b7ba94427d0e139297ac4b4c2fbe7e672ca46c17c8440ba799036055c5ecc7c2270cbe94789978dbc61e601f5d26f82aa4b96c86ecc181e37afeede1a441b96
SSDEEP

3072:Tivg2Y3lixDfYMvf0ZG7wzO6aKI6AW2+QMcLeAgwNNrxgzq:IClixDfbvfUGEzO6R8F+QNx3Kzq

Score

8^/10

Malware Config

Targets

- Target
  
  minnesotans.js
- Size
  
  279KB
- MD5
  
  55b6519fc314dce39daef84bee46e367
- SHA1
  
  5e791803cf28d4e46722232312b185a4bcbaf0df
- SHA256
  
  59fc0678c8b19288b2dd685052b3b22c84769ecd6c6d383fb2475b2492758858
- SHA512
  
  1b7ba94427d0e139297ac4b4c2fbe7e672ca46c17c8440ba799036055c5ecc7c2270cbe94789978dbc61e601f5d26f82aa4b96c86ecc181e37afeede1a441b96
- SSDEEP
  
  3072:Tivg2Y3lixDfYMvf0ZG7wzO6aKI6AW2+QMcLeAgwNNrxgzq:IClixDfbvfUGEzO6R8F+QNx3Kzq
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2