General

  • Target

    ff837d6d2f33ca8bd56db750a3a7d5ec98b1b5e07da7433c50b89d19d99459cd.zip

  • Size

    33KB

  • Sample

    240728-b8tx1s1ejk

  • MD5

    7ac61a16095237aaaa67f7cbc3e2f443

  • SHA1

    b786cee594daf7cbde84fc3381cfea9212375ff1

  • SHA256

    ff837d6d2f33ca8bd56db750a3a7d5ec98b1b5e07da7433c50b89d19d99459cd

  • SHA512

    56657824bd6270859c1f72d3926fdaf2f4ecdecbbd1d0198772473658e199f5f2cc624699aa6851e91d43bc068976255da7ec1884a34411af94ff249bd00cdd3

  • SSDEEP

    768:W4YUizhbFP34VpHOcy+CQ0iTaV/mAIUaTU6wOInr3pTMAt5AV:Ob9IVscGV/mzUKvOrN7AV

Score
8/10

Malware Config

Targets

    • Target

      R41NS22024112491256_xml.js

    • Size

      185KB

    • MD5

      117bc3a7fa3309e3f443ea02c267f1d4

    • SHA1

      577ded24bdcbbdffae89df0d3736e2fddba37073

    • SHA256

      3b8d52fd0dc9b98235b8558bcf9312ac7aafcac32f100727671cc0f1be325911

    • SHA512

      d29f4a722560adcf011a664f1156b62d255c6b22108146afc151035606cfebfc5185d991b56236270c09043303f1179440278e7fd18087db537a811d7b38d8ad

    • SSDEEP

      1536:8mAsDLCt+0h4o5YkJI4GvtKeMquLlBpcGts0KwByGzRL:8mPnCE0h4oCYI4GvtKFquLlB11BysRL

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

MITRE ATT&CK Enterprise v15

Tasks