General

  • Target

    https://nodejs.org/dist/v22.15.1/node-v22.15.1-x64.msi

  • Sample

    250519-wdngzacl71

Score
9/10

Malware Config

Targets

    • Target

      https://nodejs.org/dist/v22.15.1/node-v22.15.1-x64.msi

    Score
    9/10
    • Renames multiple (108) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16

Tasks