2d152e9c4ec490fdba65efb87ed161cd1e1b5b9000eed509a928903f99156439 | Triage

Sharing

General

Target

document_DB798_Jun_15.zip
Size

4KB
Sample

230615-ss3nnaac64
MD5

ae6a38c2f4f7e49417e01ad78d128802
SHA1

a2aa5bb2fb83b5eca1d63d27b4270594db1bcc70
SHA256

2d152e9c4ec490fdba65efb87ed161cd1e1b5b9000eed509a928903f99156439
SHA512

e2e032cf95d1ef071601845dfbae129f4f0f6d6eae6d8934b35dfe30698f36376b7fbfb956cde597843a5e0d7466f31b48625eceb9fc27ced7d7f78a0c809e8e
SSDEEP

96:rN+7mAu3ffcw+qXa6+FsNqA+7mAu3ffcw+qXa6+FsNqv+7mAu3ffcw+qXa6+FsNM:p+7mfXi4aVFsNn+7mfXi4aVFsNY+7mfw

Score

8^/10

Malware Config

Targets

- Target
  
  document_DB798_Jun_15_1.js
- Size
  
  5KB
- MD5
  
  ccbcf7f0c1a6cf533bea8c541cec65c8
- SHA1
  
  66508c03201f46e065e78e6cbe01e5715e4f764c
- SHA256
  
  d892f064fd53f65d347124c052e58a7c6f317f759a52d4da23aa8a141cd55890
- SHA512
  
  e0655d0b9b9b804adb81cf7a27b3f5cd74b6fb84d402a52ed9279cfe88f7ecbe560c0b2d01ed5a98ba87fa780b8c547e5785f3a47300ad42ed8ac4224bd60385
- SSDEEP
  
  96:EVUHZFSYQYGZjTqH8v/2TuFxD78H8v/2TTxDe7MDsyEBD3MTQyeyZqg1WuTQyv3Q:WB/8o/8iB8ZG
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  document_DB798_Jun_15_2.js
- Size
  
  5KB
- MD5
  
  ccbcf7f0c1a6cf533bea8c541cec65c8
- SHA1
  
  66508c03201f46e065e78e6cbe01e5715e4f764c
- SHA256
  
  d892f064fd53f65d347124c052e58a7c6f317f759a52d4da23aa8a141cd55890
- SHA512
  
  e0655d0b9b9b804adb81cf7a27b3f5cd74b6fb84d402a52ed9279cfe88f7ecbe560c0b2d01ed5a98ba87fa780b8c547e5785f3a47300ad42ed8ac4224bd60385
- SSDEEP
  
  96:EVUHZFSYQYGZjTqH8v/2TuFxD78H8v/2TTxDe7MDsyEBD3MTQyeyZqg1WuTQyv3Q:WB/8o/8iB8ZG
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  document_DB798_Jun_15_3.js
- Size
  
  5KB
- MD5
  
  ccbcf7f0c1a6cf533bea8c541cec65c8
- SHA1
  
  66508c03201f46e065e78e6cbe01e5715e4f764c
- SHA256
  
  d892f064fd53f65d347124c052e58a7c6f317f759a52d4da23aa8a141cd55890
- SHA512
  
  e0655d0b9b9b804adb81cf7a27b3f5cd74b6fb84d402a52ed9279cfe88f7ecbe560c0b2d01ed5a98ba87fa780b8c547e5785f3a47300ad42ed8ac4224bd60385
- SSDEEP
  
  96:EVUHZFSYQYGZjTqH8v/2TuFxD78H8v/2TTxDe7MDsyEBD3MTQyeyZqg1WuTQyv3Q:WB/8o/8iB8ZG
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6