General
-
Target
AGB EmektarMakina Ticaret.js
-
Size
135KB
-
Sample
210524-w7jxlg2lln
-
MD5
5e1cbb6566f677da1d920c9d22f59bd7
-
SHA1
32e31e15fe42e4cb9e2a03698a5c7bc386311eb6
-
SHA256
a1660698b8655cb721f71693178d2804caba8aa12c3a25446c6f7c665a30f2ff
-
SHA512
6ffa6cb201b2c20403214072b41cafc0e3c3fefe642d475679f63b60b8cd607e090586ece4e86958337638fd87004df20e4f9946ac00fd29482aa0a951dedd66
Static task
static1
Behavioral task
behavioral1
Sample
AGB EmektarMakina Ticaret.js
Resource
win7v20210410
Behavioral task
behavioral2
Sample
AGB EmektarMakina Ticaret.js
Resource
win10v20210410
Malware Config
Targets
Target
AGB EmektarMakina Ticaret.js
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-