General
Target
NEW-PO-DETAILS-SWIFT.js
Size
179KB
Sample
210701-f56y6dh3ne
MD5
c9118d65be6e415653f4ccfcc9dedced
SHA1
25c48a6c6df8792a5d2dee2a6160ab67bdd89734
SHA256
cb14693ffee68af4222ab10ed3ce21ebe607ea9b1862f1302f73e320ef163deb
SHA512
c5fc7f6266642b0535c0d850e04a7bc5cfe5d6bc7f21f394286b1d528d0e0fc19508fa5c65ddaf2a413ef93519c84c9333e51cf2fe3c51e60c58d90e970681da
Static task
static1
Behavioral task
behavioral1
Sample
NEW-PO-DETAILS-SWIFT.js
Resource
win7v20210408
Behavioral task
behavioral2
Sample
NEW-PO-DETAILS-SWIFT.js
Resource
win10v20210410
Malware Config
Targets
Target
NEW-PO-DETAILS-SWIFT.js
Score
10/10
WSHRAT Payload
Blocklisted process makes network request
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.