5fe4002079302b5d0568cd3e1f58f506ef98f57e4004eefd712479c685c73e6b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Document FXNRuW-9600.js
Size

185KB
Sample

230706-wlak3sdf55
MD5

bd72ad59337e7e4eda422f54f5681e09
SHA1

d24e866f34e06c429b45d736b57f8e616bc04d1c
SHA256

5fe4002079302b5d0568cd3e1f58f506ef98f57e4004eefd712479c685c73e6b
SHA512

b67ad59ec8bc60bf52148b01a4ab7e8de8fa4dedfc26a2da85ce45d5da0e0ab92587d16fed8ef067721609e4255008b2789832403cf77e1edf0ae1efe355781e
SSDEEP

3072:cofCXwNPscW28/rlA18uBB72E1z8t78xo2s:cofCgtruePP2e4t7x/

Score

8^/10

Malware Config

Targets

- Target
  
  Document FXNRuW-9600.js
- Size
  
  185KB
- MD5
  
  bd72ad59337e7e4eda422f54f5681e09
- SHA1
  
  d24e866f34e06c429b45d736b57f8e616bc04d1c
- SHA256
  
  5fe4002079302b5d0568cd3e1f58f506ef98f57e4004eefd712479c685c73e6b
- SHA512
  
  b67ad59ec8bc60bf52148b01a4ab7e8de8fa4dedfc26a2da85ce45d5da0e0ab92587d16fed8ef067721609e4255008b2789832403cf77e1edf0ae1efe355781e
- SSDEEP
  
  3072:cofCXwNPscW28/rlA18uBB72E1z8t78xo2s:cofCgtruePP2e4t7x/
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2