General
Target: 68398465-INVOICE-PO-IMG.js
Size: 697KB
Sample: 210510-ra9llt7tpx
MD5: 0216db9911053cc419ad92f7f35062a4
SHA1: 5f8efa0c0b9f0205a581da9d6247143ab643e515
SHA256: ff3ba1d8de5361dda0d4398fb797cc9e4def93c38485a80a0ac5ed98bb9fdc2a
SHA512: aa52161bc7f379ce1f5d66436ae85d06c191fc7272dfa5d3c2412f82aab8a9a83edc6987cb2fabf60379a93d5fd27d56323a8a3589a0ca46942d3df778dd6401
Static task: static1
Behavioral task: behavioral1
Sample: 68398465-INVOICE-PO-IMG.js
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 68398465-INVOICE-PO-IMG.js
Resource: win10v20210410
Malware Config
Targets
Target: 68398465-INVOICE-PO-IMG.js
Score: 10/10
Drops startup file
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.