84e4c206954f13f07127e40e76dc6754f4d729e56f6b5ec8ee045a714003814d | Triage

Sharing

General

Target

WoomerasShtetel.js
Size

201KB
Sample

230525-nvn6tshe86
MD5

9b94a2b7783fa1bfc2bc7ec1545699ae
SHA1

3a670d1a54de1b5083429ccaba51c2cb57ca7247
SHA256

84e4c206954f13f07127e40e76dc6754f4d729e56f6b5ec8ee045a714003814d
SHA512

227eec9f1f49921c35c9f3b3fafe4223e571a1d457703b9c0ca0aa129e8339910376ff7d91f6f3f158e5126cf3bdbf83957b77980356877347e0f497c3e0a8d6
SSDEEP

3072:qlUer9g0dXr4l1qDvatIVFcWwblWrj6/ns5JoDXn0PnH:qyeRgdDqDvatIVifQJorKH

Score

8^/10

Malware Config

Targets

- Target
  
  WoomerasShtetel.js
- Size
  
  201KB
- MD5
  
  9b94a2b7783fa1bfc2bc7ec1545699ae
- SHA1
  
  3a670d1a54de1b5083429ccaba51c2cb57ca7247
- SHA256
  
  84e4c206954f13f07127e40e76dc6754f4d729e56f6b5ec8ee045a714003814d
- SHA512
  
  227eec9f1f49921c35c9f3b3fafe4223e571a1d457703b9c0ca0aa129e8339910376ff7d91f6f3f158e5126cf3bdbf83957b77980356877347e0f497c3e0a8d6
- SSDEEP
  
  3072:qlUer9g0dXr4l1qDvatIVFcWwblWrj6/ns5JoDXn0PnH:qyeRgdDqDvatIVifQJorKH
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2