386424e1b297fd8e7bab7dd0fc76ec9b186cfcb8633cbf043e52b027bebeeb8e | Triage

Sharing

General

Target

edc685e5-b8fd-4e80-8632-b11ab4dc5d49.gz
Size

46KB
Sample

231119-3g5c8acf35
MD5

1890a6d1e67048bbefc2c2d8b3da95d0
SHA1

5576ddd5d6516440f71957c9c88567d109589b70
SHA256

386424e1b297fd8e7bab7dd0fc76ec9b186cfcb8633cbf043e52b027bebeeb8e
SHA512

1b02e6a333d8547aaae46d4d1c1a94a35c70a398ca4b41f51d1bf24ddf1918dc6384289f3ba726ede43e8f83a3043f5d6898e080ded0c342bf33431357105abf
SSDEEP

768:t0UX0iuZ2l8NzqgEY6f6aii8XKsgUywMTCXgDmhCs4OBX3B5p6iLOkmrNTKV0:tDX0R0+zc56aGaskwfg8CmbqkoNV

Score

8^/10

Malware Config

Targets

- Target
  
  PO.jse
- Size
  
  126KB
- MD5
  
  1b944b775d9ffdcbec738253decd7d77
- SHA1
  
  7cbdd021f4fbe80be9e3719c8e698840ade6db3e
- SHA256
  
  5200574199e54089e02c98983b96399eee52a928cf543fdf60804fb70f056814
- SHA512
  
  d93d9a3da56d4148efeb9e2a161f120d28d0d52e0797b84f24f0cdd161262b40d5788bd83d8736129582806cd1a59bf64415d255879f6c296cc8de558834cfb8
- SSDEEP
  
  3072:lYVa2VeKq8vPtoWOujPX5QCEEFyKck7EQ+/FQbU7vzn:iEqlt7sl
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2