c21f49c36fc2f8eba6c06759df8cd965f01d40489f64ddfc70c50a7b8f6817e3 | Triage

Sharing

General

Target

kslvnlksroew.js
Size

578KB
Sample

230616-tb5x5aff76
MD5

08de5eba1172b8101b5901da3cdbbbf3
SHA1

3641875022a9fe364f422264f29e71582f225554
SHA256

c21f49c36fc2f8eba6c06759df8cd965f01d40489f64ddfc70c50a7b8f6817e3
SHA512

81e58a1539dfe548b581e12a38cfff84802f4e742aa123641c1d82b776f767e9f514534489cba35db3325ab807310484f4a1fdc3bba1b201fb947185d86b23bd
SSDEEP

12288:mWGJKxqUwYJpnwhdIhiZAwIQ4Cj8kA4dywL0u+p+fm3DB29vRQIXQrQHRtzggojC:muZ9KCkHR5ggoo5vuDf2Ag//nt0n4Gro

Score

8^/10

Malware Config

Targets

- Target
  
  kslvnlksroew.js
- Size
  
  578KB
- MD5
  
  08de5eba1172b8101b5901da3cdbbbf3
- SHA1
  
  3641875022a9fe364f422264f29e71582f225554
- SHA256
  
  c21f49c36fc2f8eba6c06759df8cd965f01d40489f64ddfc70c50a7b8f6817e3
- SHA512
  
  81e58a1539dfe548b581e12a38cfff84802f4e742aa123641c1d82b776f767e9f514534489cba35db3325ab807310484f4a1fdc3bba1b201fb947185d86b23bd
- SSDEEP
  
  12288:mWGJKxqUwYJpnwhdIhiZAwIQ4Cj8kA4dywL0u+p+fm3DB29vRQIXQrQHRtzggojC:muZ9KCkHR5ggoo5vuDf2Ag//nt0n4Gro
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2