f8e85c9ec377180412e1d4a6b8b88b1e0de130348c026016a576f7bfc0f8cc96 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RB.zip
Size

110KB
Sample

231102-wr1z8ade9x
MD5

aaed3e1e0a32d10169ccda86400fd070
SHA1

4e451da028aff51cc58948d8e958d789d809d256
SHA256

f8e85c9ec377180412e1d4a6b8b88b1e0de130348c026016a576f7bfc0f8cc96
SHA512

86b3e6627fa032d064f88d96ccbc776db093d52df77f42d805e8a7dfa60c3cb08da323642f477476c1dd314c9db52e641e5fc6e64284fedf1a78f35a68414286
SSDEEP

3072:t1evhPVrnSA1biVQRD5RKgaF/0p+FA6f+9wOVQXk3/Rb:s9rnx18QRNRZaF0p6f+9wOkk/F

Score

8^/10

Malware Config

Targets

- Target
  
  Ymne.js
- Size
  
  189KB
- MD5
  
  a22044c679e44c26e35d14c364fda81a
- SHA1
  
  d10a869658b911a32b5662d30b6e9e01786fac83
- SHA256
  
  5348aec0d8a0c5c0c4ce4c22e0e093cd355e2237be8a737f30120836b592c26a
- SHA512
  
  dd6d13602b89299f2f46b495dfae854cc987519bf390832c824a6d88fa5d3f07aaa37eb670c92413252802157c8b5a33b5e3d55032b0a09a1fcac41fd480c199
- SSDEEP
  
  3072:8FJeehgA8jVHaVip4jF5MIU8/Aza2ReLlR8gV+c:cJeJAkHaVppF/AzvRElqtc
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2