d95c987423f2a2df57dccd6d9457804edddf58e28ba59cf22e8efc6beee7da09 | Triage

Sharing

General

Target

QEHJ.zip
Size

31KB
Sample

231222-svqf4sbfd8
MD5

2ec48ac4754ec1ea6eec87e5a721a963
SHA1

88c5e7b444c9a79566496ab75165ce4a06160af6
SHA256

d95c987423f2a2df57dccd6d9457804edddf58e28ba59cf22e8efc6beee7da09
SHA512

9c314674a65f88b9fcf89483c85aab99164671e03f6bf769a2cd7292b58221d2cb14bc9e25b1e8c05577e042bb1a36f67e1789c8eb303457eda1771d0e61aeb9
SSDEEP

768:Ob5Rj7yoRklaGii5UIRMa5E9yD26JGEzI3Pd9v45:M5FrkOi5RZ5fvGEaU

Score

8^/10

Malware Config

Targets

- Target
  
  Oow.js
- Size
  
  111KB
- MD5
  
  181347abdbadb59298f2991f72622795
- SHA1
  
  7a7cde7fe72e6afc46d0fe557e2a4be26cea86f6
- SHA256
  
  000a5696c9efbd41eadef6758011c1eb13bcc18afa4393e2ac80b87e5807a308
- SHA512
  
  3423ab38140529f5a0bee96f9907de3245ad37db50d0fe4fec95c76c2971bb87b5c6802df6fb01e9adaefd61d5fe9b14c6458fb0e2085df9876c31b0d76ecadd
- SSDEEP
  
  3072:ObyPIRHE/jmBzAat20IiTm2m2dQJ5/uw82FIOiZ23X:WIaw0Tk856X
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2