e9496e1917faa5a76678ef0dffb7a9391a9df7a27fe41e341359a381901055ee | Triage

Sharing

General

Target

LDYHD.zip
Size

139KB
Sample

231106-sk6qcadf37
MD5

28829d235bd8530ecb2030d9e7b6360c
SHA1

aa3389427fd1a708c2bd92f6b896e0c532bca058
SHA256

e9496e1917faa5a76678ef0dffb7a9391a9df7a27fe41e341359a381901055ee
SHA512

682939374306d09efebcb029d89728511e85ebc3384eedc282b2be00bb2cc6cf8d4313e20aa5fbb1139106e2fc3b97820482b3530e03effec621c40526db7b91
SSDEEP

3072:RPkCqekxG9BHDZU5lhoy20WhlmZYkaldFcv4w3LRvVt8eOeQgsM1vkyyFt0:bqeHbelhoy/Whl+dWov4w3LR9tfOeQDG

Score

8^/10

Malware Config

Targets

- Target
  
  Lkygmroc.js
- Size
  
  204KB
- MD5
  
  ce44fba9e65e092ae312176c0fd267db
- SHA1
  
  de9d41730933d553d9f8f89d5261a6ae6079ed54
- SHA256
  
  a05f3bbcef9ca7a516af4971f2a272fc75770e2f57b3fe99ae363359d8461714
- SHA512
  
  780eb23fb84ff07e908908345b29ebd88078def0aba30657f87dac667936e3d959f024769244ad3882db3babaaee398fdefcba0128acb3ce29ce3146ff59e95f
- SSDEEP
  
  3072:jFJe7hgqWjPBELA7Ij/Xy8QkbmUca2ReLlWWul5:ZJeWqsBELzLxbmUcvRElXul5
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2