91e3691ce9488ccca9bead4131a51558b8756b889a1c338d6cba55392eaf71d2 | Triage

Sharing

General

Target

0bae047a2fecd7a081f9980a7f754af4fa0c9e5eb41b937ab8448ef50edf820f.zip
Size

67KB
Sample

231119-2bwcpada8z
MD5

d27dc6988927736f0e2d1e42302f84ad
SHA1

972b298f371eadfc1792035081264e0ce7d682ef
SHA256

91e3691ce9488ccca9bead4131a51558b8756b889a1c338d6cba55392eaf71d2
SHA512

d9208649c049acfe3f380596bd53a37b089fdf9cdce24a49e2fb30d7a0e14f98544e205d1b2b36ef9553dea204194837d6d16697947116698f3f6647db2be62f
SSDEEP

1536:exN4JrwoS/vpoaT3nFLooSiC/VhP59+5Bu8SrFOhIsZWkq:GNqEoSHpDSFfPH+5BuhgM

Score

8^/10

Malware Config

Targets

- Target
  
  JNVEEN.js
- Size
  
  237KB
- MD5
  
  ea6fd6ca47514d9c632c119d73aef528
- SHA1
  
  0d47cbd6d19a17a57077cbc0d0aa659865458672
- SHA256
  
  c788100411c38388afc3438dccc05297ac7a77083f579e4a7e8d6e1479214fde
- SHA512
  
  e20079b69e82eb48222635ef03a6f935871ea69f6d7715401ac208bbbb33a5af7fcb8c6c745364b31c2ee07e3f4bf2e5e5c2d1ae6ae87b795fa23230ead290ec
- SSDEEP
  
  6144:k7hgXeerjqlI2Iro+Qqn7hgXeerjqlI2Iro+JGxw:ehgSlI23W7hgSlI23Ct
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2