f58b8043a764f98f4c203e7d5b8ff3fe85fec22e8b912c01dd39f8e5a8c1725d | Triage

Sharing

General

Target

LVNU.zip
Size

72KB
Sample

231219-s8xscagfgj
MD5

d867630708f66884711d0955c1f388e8
SHA1

0d4fb05535d46a8704860b5107ec77c8ef289661
SHA256

f58b8043a764f98f4c203e7d5b8ff3fe85fec22e8b912c01dd39f8e5a8c1725d
SHA512

a071eb40aff810b3ad862d7b2bf1712296281259bfa19a3d59b69c748b4b7106be6d1e324bb4f164194cd06ee4ced193cc3315863af853c57cc91c588ccceaeb
SSDEEP

1536:Ys/vMTDLMWDNcnt9ejXUsiavAf+8hZPoIB+Y4vMM9102T9zJFBJBh:YsHelCCUFCQbV0Y4kE1jZH7D

Score

8^/10

Malware Config

Targets

- Target
  
  Notevw.js
- Size
  
  75KB
- MD5
  
  7267f4f9636f9d694227fa1854ff2c2e
- SHA1
  
  83745e6aa800a4ac3e7c947b33967f22c0861232
- SHA256
  
  0c03d8bf143f02da7c9bcbe293eb21a0f87f5adaca114a0ea2085b821b198eb0
- SHA512
  
  c9d2c1f55a8ecd104279e1492b38c207b973046c4ad83a904de2c6b75bb3a94a19c5eb687723378968499440c8b2927bc763fd0673164806773b7b9f2edb1111
- SSDEEP
  
  1536:7Je3Dk/juS/X10odwro/ga3Y0wo9peKXhs0S:1KsdqLippnXhtS
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2