General
-
Target
Rechnung2498.js
-
Size
179KB
-
Sample
210215-yvsb7dxpx6
-
MD5
093aa4289d9d8d8315ab0ea9b306f0a0
-
SHA1
0316c6e558148a10d0acf63bc84f53ca315b1acf
-
SHA256
39f7abd459bda03744d7d1dfb7dd15b2204014d75f20d86a13789648d6f44b1d
-
SHA512
ddea7839a14759a27d17578850fb473f720bf911cb9d6e56c3e55a963eca51a85ae1706d2f8bca31b216fa7ef2457135dd1a198008203e6635cb73fd3df985f8
Static task
static1
Behavioral task
behavioral1
Sample
Rechnung2498.js
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Rechnung2498.js
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Rechnung2498.js
-
Score
10/10
-
WSHRAT Payload
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-