6e24438d59e07fae1fe0b3ec7172055f8990605fd606c1c87dbefce865cec69a | Triage

Resubmissions

01/09/2023, 16:26

230901-txsvpagc84 8

25/05/2023, 17:06

230525-vmlt3abd59 8

25/05/2023, 17:01

230525-vjmbesca51 8

Sharing

General

Target

Fmhngx.js
Size

204KB
Sample

230525-vjmbesca51
MD5

4727334812c4d91d037c02510c44885e
SHA1

0b9fef22fec3a4f0d9f5b3ed64118d8f60c16069
SHA256

6e24438d59e07fae1fe0b3ec7172055f8990605fd606c1c87dbefce865cec69a
SHA512

d4a76b64ceca8d225d1e7e84714966b5359d28ebe972e6cffce6a649656be07dd9650bd7b8381e8534203b2070da4765fcf1afd3d858ed20840984e0611256f2
SSDEEP

3072:QoG76ar4l1qDvatIVFcWwblWrj6/ns5JoDXn0Pns:QoG7cDqDvatIVifQJorKs

Score

8^/10

Malware Config

Targets

- Target
  
  Fmhngx.js
- Size
  
  204KB
- MD5
  
  4727334812c4d91d037c02510c44885e
- SHA1
  
  0b9fef22fec3a4f0d9f5b3ed64118d8f60c16069
- SHA256
  
  6e24438d59e07fae1fe0b3ec7172055f8990605fd606c1c87dbefce865cec69a
- SHA512
  
  d4a76b64ceca8d225d1e7e84714966b5359d28ebe972e6cffce6a649656be07dd9650bd7b8381e8534203b2070da4765fcf1afd3d858ed20840984e0611256f2
- SSDEEP
  
  3072:QoG76ar4l1qDvatIVFcWwblWrj6/ns5JoDXn0Pns:QoG7cDqDvatIVifQJorKs
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2