General

  • Target

    WXO.zip

  • Size

    116KB

  • Sample

    231220-mwd7ksbdck

  • MD5

    2a0583f4009ea45728856091185384ee

  • SHA1

    4179f96e765fd2b0a1fc2b258e78794c545051ee

  • SHA256

    90fca96cc2e6e56e77c2f948ad7a81cd8ad5b2ad9629a2bd2c02985130b8db23

  • SHA512

    6519dc402474d7add88f492a28a145d54ac990dd8981ba5008febe472b76f4249540d6d66db85297f561154426f1c64b1cc76cb29ad69b30b792741ba386fcb7

  • SSDEEP

    3072:nAJsjCJK9QE3zoIfqK8CW6LUeKwSlFoQIocW:nAejB9rHCKln/KSQrj

Score
8/10

Targets

    • Target

      Notesom.js

    • Size

      75KB

    • MD5

      b305a98050164ca5bcebb8c41087f8a7

    • SHA1

      a505d3d54a7c1c1524f767ceb71433b54a7f769f

    • SHA256

      c7fa21a28f06df9fea4cec8343adb4970549f0ce3b67a88a9adb2e74215d7367

    • SHA512

      3de349a7dbc8c30086e9a75953836c8d0998ca81a3ad6de4b298e8f81f3f6092ebd261d548f5d3bdb520845228fd6bf845e7374d21dc9bb7776c189c79278195

    • SSDEEP

      1536:BALuT+QWqWdxRnzDk4z5/mOx7O8I7neKXhk66:kz3MnXh/6

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check used to decide whether to run.

    • Deletes itself

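    The three behaviour signatures above (a script host making an outbound connection, a registry lookup of the configured country, and the script removing itself after execution) are the kind of telemetry correlation a detection engineer would write for this family of .js droppers. The following Python is an added example, not code from the report or the sandbox vendor: it runs over constructed telemetry records in a simplified schema (not Sysmon's, which does not log registry reads) and flags each of the three indicators. The registry key `HKCU\Control Panel\International\Geo\Nation` is an assumption about what the location-settings signature keys on; the report does not name it. PIDs, paths and addresses are made up for illustration.

```python
import ntpath
import re

# Script hosts that should not normally originate outbound connections.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Registry location Windows uses for the configured country/region. This is an
# ASSUMPTION about what "Checks computer location settings" keys on; the report
# does not name the key.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# First quoted script path on a script host's command line.
SCRIPT_ARG_RE = re.compile(r'"([^"]+\.(?:js|jse|vbs|vbe|wsf))"', re.IGNORECASE)

# Constructed telemetry for illustration (simplified schema, not Sysmon's). None
# of these records come from the sandbox run described on the page.
EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 3300,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\user\Desktop\WXO\Notesom.js"'},
    {"type": "regquery", "pid": 4120,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "netconn", "pid": 4120, "dst": "203.0.113.10", "dport": 443},
    {"type": "process", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\user\Desktop\WXO\Notesom.js"'},
    {"type": "filedelete", "pid": 4188,
     "path": r"C:\Users\user\Desktop\WXO\Notesom.js"},
    # Benign noise that must not fire: a browser connection, an unrelated key.
    {"type": "process", "pid": 2000, "ppid": 1000,
     "image": r"C:\Program Files\Browser\browser.exe", "cmdline": "browser.exe"},
    {"type": "netconn", "pid": 2000, "dst": "198.51.100.7", "dport": 443},
    {"type": "regquery", "pid": 2000, "key": r"HKCU\Software\Browser\Settings"},
]


def detect(events):
    """Return sorted (indicator, pid, detail) tuples for the three report signatures."""
    procs = {ev["pid"]: ev for ev in events if ev["type"] == "process"}
    hits = []

    def image_of(pid):
        proc = procs.get(pid)
        return ntpath.basename(proc["image"]).lower() if proc else ""

    def script_host_ancestor(pid):
        """Walk the parent chain to the script host that (indirectly) spawned pid."""
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            if image_of(pid) in SCRIPT_HOSTS:
                return procs[pid]
            pid = procs[pid]["ppid"]
        return None

    for ev in events:
        kind = ev["type"]
        if kind == "netconn" and image_of(ev["pid"]) in SCRIPT_HOSTS:
            hits.append(("Blocklisted process makes network request", ev["pid"],
                         f'{image_of(ev["pid"])} -> {ev["dst"]}:{ev["dport"]}'))
        elif kind == "regquery" and GEO_KEY_RE.search(ev["key"]):
            hits.append(("Checks computer location settings", ev["pid"], ev["key"]))
        elif kind == "filedelete":
            # Self-deletion: the deleted file is the script the host was launched
            # with, removed by the host itself or by a descendant (e.g. cmd /c del).
            host = script_host_ancestor(ev["pid"])
            if host:
                m = SCRIPT_ARG_RE.search(host["cmdline"])
                if m and m.group(1).lower() == ev["path"].lower():
                    hits.append(("Deletes itself", ev["pid"], ev["path"]))
    return sorted(hits)


if __name__ == "__main__":
    for indicator, pid, detail in detect(EVENTS):
        print(f"{indicator:45} pid={pid:<6} {detail}")
```

    The self-deletion check deliberately follows the parent chain rather than requiring the script host to delete the file itself, because the common pattern is for the script to spawn `cmd.exe /c del` against its own path; matching only on the host process would miss it.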
MITRE ATT&CK Enterprise v15