b121cd60432aa6c7d703e36ec9e5aedc4b9e1e7aae807becbcd7ab2d336c507f | Triage

Sharing

General

Target

Rklgiqdh.js
Size

205KB
Sample

230525-p2cbaaag3v
MD5

e9d34f05ff9459b03e9f86c6f84c6eb6
SHA1

440d1b3ea00f7fe6631eced772aaf19bd39d7b9e
SHA256

b121cd60432aa6c7d703e36ec9e5aedc4b9e1e7aae807becbcd7ab2d336c507f
SHA512

0192def84e5d04836474fb11e3a98ae59d0e346f20dd04855ab4ce3872add53ebfe1398c8a5bdc4cf3f5c3f2d6ae23edda2d1a7f52384e86fc1e4b8f9c9f65f8
SSDEEP

3072:1K6zSr4l1qDvatIVFcWwblWrj6/ns5JoDXn0Pns:1K6zDqDvatIVifQJorKs

Score

8^/10

Malware Config

Targets

- Target
  
  Rklgiqdh.js
- Size
  
  205KB
- MD5
  
  e9d34f05ff9459b03e9f86c6f84c6eb6
- SHA1
  
  440d1b3ea00f7fe6631eced772aaf19bd39d7b9e
- SHA256
  
  b121cd60432aa6c7d703e36ec9e5aedc4b9e1e7aae807becbcd7ab2d336c507f
- SHA512
  
  0192def84e5d04836474fb11e3a98ae59d0e346f20dd04855ab4ce3872add53ebfe1398c8a5bdc4cf3f5c3f2d6ae23edda2d1a7f52384e86fc1e4b8f9c9f65f8
- SSDEEP
  
  3072:1K6zSr4l1qDvatIVFcWwblWrj6/ns5JoDXn0Pns:1K6zDqDvatIVifQJorKs
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2