04e89a4a130e976ef450dcb0282c302a603b9361df20b9286ca550cdc3c1706c | Triage

Sharing

General

Target

Velo.zip
Size

74KB
Sample

231106-hfhgvabb38
MD5

1025afc0f0f24dd701f02edb22084744
SHA1

095d29d54eb68d191b2a54250ab648db8b1fb0ca
SHA256

04e89a4a130e976ef450dcb0282c302a603b9361df20b9286ca550cdc3c1706c
SHA512

666480d282e668424879ed1d9a5cd2a2c7a37ad637ae3640f249c13f4596d3e4a2336f0852e97aa55c9b5e870af1698e153689719a85100c5ed2a0d436c7e93e
SSDEEP

1536:9AoYOCXJxXaExyMTBQ7CevzIFp6t0zj2raxi3MFM3qyztN7cQ7nbb:v5CXvXa0y6BQZzIecKZJ5uQTX

Score

8^/10

Malware Config

Targets

- Target
  
  Velo.js
- Size
  
  130KB
- MD5
  
  09912f8fc0da59838af6936935f385c5
- SHA1
  
  31228067aeb544210d62f2f3798962cc4f521baa
- SHA256
  
  7f04565936f4f07fab12da3d202f4fb9c9dbc3cad50331cdd12cf9f0045e09ea
- SHA512
  
  6d9e09648c17a88a14bec4c0b09a69562d7d20b4fb836e6c8da8c2135a55bbe40782520f6af1eb90225a37012a2682e0f3b9172d1781b11e7afcee62695e4492
- SSDEEP
  
  3072:kJhGVzLl4MYcAQY6/0I7tPRx6PFWggqUpDRPVlKYPgZ8gV2N:lVN4MYcAQY6/j7t6gq+tVoYPgiNN
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2