General
Target: receipt.js
Size: 210KB
Sample: 210421-14xwbm9az2
MD5: 0d18f9a0a1605a34247be8918dd3d360
SHA1: 1046c9c221468b1a8725d9e958ddf20b0ec3a6c1
SHA256: 3001d3aea048d4624a808d041a483d0b5142772fa19412c1177e83ffc2e543de
SHA512: cc32e93e876ff536475cec9a0ceea4014d443b994dfe4c7be899745c15001ed86d6dc66e79fc281af0d1b4acaa35cb7f2c30df7f1f48a2cb6fbc8d79c35d7011
Static task: static1
Behavioral task: behavioral1 (Sample: receipt.js, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: receipt.js, Resource: win10v20210408)
Malware Config
Targets
Target: receipt.js
Score: 10/10
WSHRAT Payload
Blocklisted process makes network request
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.