045b72bca55c9d7b9152c90c5a1c0cb3189602048cdccd9438ab5e668a9f851e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

os_change_graph.zip
Size

438KB
Sample

240529-tvy9pacc26
MD5

d26ede02e2ffea59047d16f6b8df6f88
SHA1

8fde728253a053142a0de476443a2a1a364b3055
SHA256

045b72bca55c9d7b9152c90c5a1c0cb3189602048cdccd9438ab5e668a9f851e
SHA512

41670366d9e91e528cf5ccea4d2a291646c07a97e527329ed783b856994ed0ff06ece275a5c6882d5c8a246cd6e01e677bba088ae459114222a1c5d2d0e78211
SSDEEP

12288:+W1qThRgPGDOD4nTqIAEF1Ydt+ypoBekO08a5108/O7:+4qteODOcnFFI+ypoBIn827

Score

7^/10

execution

Malware Config

Targets

- Target
  
  os_change_graph.zip
- Size
  
  438KB
- MD5
  
  d26ede02e2ffea59047d16f6b8df6f88
- SHA1
  
  8fde728253a053142a0de476443a2a1a364b3055
- SHA256
  
  045b72bca55c9d7b9152c90c5a1c0cb3189602048cdccd9438ab5e668a9f851e
- SHA512
  
  41670366d9e91e528cf5ccea4d2a291646c07a97e527329ed783b856994ed0ff06ece275a5c6882d5c8a246cd6e01e677bba088ae459114222a1c5d2d0e78211
- SSDEEP
  
  12288:+W1qThRgPGDOD4nTqIAEF1Ydt+ypoBekO08a5108/O7:+4qteODOcnFFI+ypoBIn827
Score

1^/10
behavioral1 behavioral2
- Target
  
  os_change_graph_22278/22278.html
- Size
  
  34KB
- MD5
  
  e9eaa29fd994a916871f26172b4324c6
- SHA1
  
  5e724c51dddf135e703ff1fa9bf7b0d5f78d629a
- SHA256
  
  5eff5e53175a8f9dfecd0334faceac01261e9ae3057cd3fda1e95d1984d84b33
- SHA512
  
  59ded6c0509894746cfcc141bf992f8bc551db490ae7406e908a64077a6edbe5e9f02cc35173208d8556ad80e7335a117f96ce2b101a6ed9aa4ed534df995be0
- SSDEEP
  
  384:2Pp82S2EE5H4svGAFTyPFs+aGF6igWEkZ+a2bYwKiAyij:2Pe145FTyPFqFiak/CzAbj
Score

1^/10
behavioral3 behavioral4
- Target
  
  os_change_graph_22278/assets/javascripts/vendor/bootstrap.min.js
- Size
  
  38KB
- MD5
  
  fc0af94d977ac3216f20e47dfdc70df1
- SHA1
  
  d5f2dda59ef6af225996fa9f60f4f6bb6c6f37f9
- SHA256
  
  d3b2f660b434b8f2c4c187adfe0f0b6ab4ebffdd99da232e6900112311d66798
- SHA512
  
  12e602c35161a0a613e4c74145d81c7c24d72fd8c7941c2293d84f4603e18c8bdfecba9cfd43b7b8755b08a5fee34ae11a7070a2b77c8b7a3a881a748b538758
- SSDEEP
  
  768:up/wtev6UwUx0eWN3MebE9rQuFfU8Vt0azWcsi1m3K0rmq5Yo:NorXfURXiUrmq5Yo
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  os_change_graph_22278/assets/javascripts/vendor/d3.v4.min.js
- Size
  
  216KB
- MD5
  
  e899651bcf1a3591032d7213daeab171
- SHA1
  
  607e02087446eb2efadcbee253db3aca3d794a7b
- SHA256
  
  8585db4092b8a9d26201e0d58e343d1b40fa034c4b9c343878923d7649bb1699
- SHA512
  
  44927534d0bcf1084deddc29098f2b9bfe8ec48f987503f8f03acb19efde48077e9feb353d7c10924a73cc082825ee1c6455b61802d0a31a31eb5812636c907e
- SSDEEP
  
  1536:wJdNAq50g6ds5VIG2pUfpgBU3gPDSb7+CmeoA08h6Vh5Lbg5ECfmDoo5rfIrTGE9:wrN3F2pHSYlyLG1sVAupFmuFyiI7R6
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  os_change_graph_22278/assets/javascripts/vendor/dagre-d3.js
- Size
  
  1.3MB
- MD5
  
  b607e410a655a3921064e069f2bab983
- SHA1
  
  e26f603efbc4a305db11a12f18f66fbd8fb3536b
- SHA256
  
  31a9d94a1ebf8854fd346dd3182e1288d93adca54bb7b6ba7c3a6d3702e7ff19
- SHA512
  
  a3049f465e47e8c20048231280ab6eadb99530b3caa35b8fe01307fbb12471394756908b49d7efe6020fdbbf68c29eacaa0eaa2c7f8cc5c749926adfc1c52359
- SSDEEP
  
  24576:QWUzaHpu6uvnRr/kC4I65Ain0i20V2si32AL5rPzy9mlWPHT:QWUGpu6uvnRr/kC4I65Ain0i2pdlsz
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  os_change_graph_22278/assets/javascripts/vendor/jquery.min.js
- Size
  
  84KB
- MD5
  
  d4162c9d7e520a5de05001be6e741899
- SHA1
  
  0baf29230047c9cd896f14c59618c9948ea79451
- SHA256
  
  2405bdf4c255a4904671bcc4b97938033d39b3f5f20dd068985a8d94cde273e2
- SHA512
  
  b2e52d48f92a62615de4bb37d0dcfa6e30d7f9309c7c4ce115faa38a37dd820b1a159a3296f4e3fb6a1d073b21b344c2c18ad866141e0a01e024492771bd9855
- SSDEEP
  
  1536:+NhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4cAj2ll/ckaXEy6n15HZ+FhFcQDs:Axc2yjxAj2QA/kcQDU8Cuu
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  os_change_graph_22278/assets/stylesheets/vendor/bootstrap.min.css
- Size
  
  95KB
- MD5
  
  a077e551a3d41bc46a56e4b1a3e98808
- SHA1
  
  b14cc80a411c13042e01a68cdba9e7c65c743407
- SHA256
  
  f7b418cd1b8c3c5bc1c6c579692bdf15121353cbea9f63db96bcd6d914d0ce62
- SHA512
  
  dcd5bfd463c6ab90d84d064906050d80fea3d3fe4c99db9aaae9e91ea968f43b1e9c4bc9b9580c4c12f6efb2e69bf4c47bc887b3fae4b6860c19e94d05217be1
- SSDEEP
  
  768:B0R3TpxU9yqZ2hMDJXAMozUcVslfi3E3FI+p7Q6mRbca8DserbIFjCUL4PlOAys1:HbNAzzFEq+pG2mKVmsZP3IguCPxXPb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14