General

Target: Delivery_Notification_00896328.doc.js
Note the double extension: the file poses as a Word document but is a JScript file, which Windows runs with the Windows Script Host on double-click (Explorer hides known extensions by default, so the user sees "Delivery_Notification_00896328.doc").
Size: 248KB
Sample: 210117-v36h76g17e
MD5: 0168089428c6aa371f4275d0872b0970
SHA1: d2595c0a40c4d8dcf9f7c711f472abc6ac0f592e
SHA256: dc20c80a0c1db5848ceef6714c6d774f3002a0c595638aff0410ae2ddabb710a
SHA512: 915d7a3f63429a27dace53418d8b3216ef3b4b6ac82d63ecca6f1590aa7380449fb4fe3ec8eed5a9aa3a8dadeed5ef32091ecdf2e885aca8d998d8150d07f418
Static task: static1
Behavioral task: behavioral1 (sample Delivery_Notification_00896328.doc.js, resource win7v20201028)
Behavioral task: behavioral2 (sample Delivery_Notification_00896328.doc.js, resource win10v20201028)
Malware Config

Extracted from: C:\Users\Admin\AppData\Local\Temp\a.txt
Identifier: 19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
The same identifier is passed as the a= query parameter to every host below. Hunt on the five hosts and on the /counter/?a= path shape rather than on the identifier value alone, since that value may differ between samples or runs.
URLs:
http://ferroli-lietuva.eu/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
http://georgina-collier.com/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
http://firstshow.info/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
http://gayathri.co.in/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
http://jackroubaud.com/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ
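Two checks a responder would run from the data in this report, as an added example (this is not tooling from the sandbox that produced the page): hashing a suspect file and comparing it against the four digests listed above, and scanning web-proxy log lines for the /counter/?a=<id> beacons to the five extracted hosts. The hashes, identifier and hosts are copied from the report; the proxy log layout (timestamp, client IP, method, URL, status) and the log lines themselves are constructed for the example.

```python
"""IOC checks built from the sandbox report data (added example, not sandbox tooling).

Hashes, the extracted identifier and the five hosts are copied from the report; the
proxy-log field layout and the sample log lines below are constructed for this example.
"""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Sample identity, copied from the report.
REPORT_SAMPLE = {
    "name": "Delivery_Notification_00896328.doc.js",
    "md5": "0168089428c6aa371f4275d0872b0970",
    "sha1": "d2595c0a40c4d8dcf9f7c711f472abc6ac0f592e",
    "sha256": "dc20c80a0c1db5848ceef6714c6d774f3002a0c595638aff0410ae2ddabb710a",
    "sha512": "915d7a3f63429a27dace53418d8b3216ef3b4b6ac82d63ecca6f1590aa7380449fb4fe3ec8eed5a9aa3a8dadeed5ef32091ecdf2e885aca8d998d8150d07f418",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")

# Network indicators from the extracted config (a.txt).
VICTIM_ID = "19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ"
C2_HOSTS = frozenset({
    "ferroli-lietuva.eu", "georgina-collier.com", "firstshow.info",
    "gayathri.co.in", "jackroubaud.com",
})


def _new_hashers():
    return {algo: getattr(hashlib, algo)() for algo in HASH_ALGOS}


def digest_bytes(data):
    """All four report digests of an in-memory blob, as lowercase hex."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Same digests for a file on disk, read once in chunks so large samples stay cheap."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report_sample(digests, report=REPORT_SAMPLE):
    """True only if every algorithm the report lists agrees; one mismatch means a different file."""
    return all(digests.get(algo, "").lower() == report[algo] for algo in HASH_ALGOS)


# Constructed log format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def classify_request(url):
    """Verdict dict for a beacon-like URL, or None if unrelated.

    Two signals are checked separately so a hit is raised when only one fires: the
    destination host is in the extracted config, and/or the request has the
    /counter/?a=<id> shape on any host (the identifier may differ between runs).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    ident = parse_qs(parts.query).get("a", [None])[0]
    known_host = host in C2_HOSTS
    beacon_shape = parts.path.rstrip("/") == "/counter" and ident is not None
    if not (known_host or beacon_shape):
        return None
    if known_host and ident == VICTIM_ID:
        confidence, reason = "high", "extracted C2 host and exact identifier"
    elif known_host:
        confidence, reason = "high", "extracted C2 host, different or missing identifier"
    else:
        confidence, reason = "medium", "/counter/?a= beacon shape on a host not in the report"
    return {"host": host, "id": ident, "confidence": confidence, "reason": reason}


def scan_proxy_log(lines):
    """Run classify_request over proxy log lines; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        verdict = classify_request(m["url"])
        if verdict is not None:
            verdict.update(ts=m["ts"], src=m["src"], status=m["status"])
            hits.append(verdict)
    return hits


# Constructed log lines: two real beacons from one client, a look-alike on an unrelated
# host, a benign request, and a beacon to a listed host carrying a different identifier.
SAMPLE_PROXY_LOG = [
    "2021-01-17T10:02:11Z 10.0.4.23 GET http://ferroli-lietuva.eu/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ 200",
    "2021-01-17T10:02:13Z 10.0.4.23 GET http://georgina-collier.com/counter/?a=19bKG2PuU8s4kjfqBYepN3yTuuKC2NEQbZ 000",
    "2021-01-17T10:05:40Z 10.0.4.57 GET http://example.org/counter/?a=1LookAlikeIdentifierForTesting 200",
    "2021-01-17T10:06:02Z 10.0.4.88 GET https://www.microsoft.com/ 200",
    "2021-01-17T10:07:15Z 10.0.4.57 GET http://jackroubaud.com/counter/?a=1DifferentIdentifierFromAnotherRun 404",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']} [{hit['confidence']}] {hit['reason']}")
    print("empty blob is the reported sample:", matches_report_sample(digest_bytes(b"")))
```

Run as-is it reports four hits out of five lines: the two beacons carrying the report's identifier, the request to jackroubaud.com with a different identifier (still high confidence, because the host is in the extracted config), and the /counter/?a= request to example.org at medium confidence, since only the URL shape matches. Point digest_file() at a quarantined file to check whether it is this exact sample; a match requires all four digests to agree.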
Targets

Target: Delivery_Notification_00896328.doc.js (248KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

Signatures:
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension of the files it has encrypted.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.
- Adds Run key to start application
  A value under the Software\Microsoft\Windows\CurrentVersion\Run key (per-user under HKCU or machine-wide under HKLM) relaunches the payload at each logon, a common persistence mechanism.