General
-
Target
CamScanner 24-07-2021 10.36.pdf.js
-
Size
412KB
-
Sample
210724-jdee8w19l6
-
MD5
d1a0a6dea503e07048ae4fcaf7695a5b
-
SHA1
e11873e54ace729c6cac3cf0d8d09b17a2a0515d
-
SHA256
52b7322206663f810e900cbbf2f38a6b39303619c34ff26ff4cd6b7914523147
-
SHA512
2647f49d050cfa72594391b904bfd670212b4b4c4661b8f772e33d01021c63ef93fee7c03ed4422ff03fee4c9013bb3791a770544dba9412759b766406f3f0bf
Static task
static1
Behavioral task
behavioral1
Sample
CamScanner 24-07-2021 10.36.pdf.js
Resource
win7v20210410
Behavioral task
behavioral2
Sample
CamScanner 24-07-2021 10.36.pdf.js
Resource
win10v20210410
Malware Config
Targets
Target
CamScanner 24-07-2021 10.36.pdf.js
Score
10/10
-
suricata: ET MALWARE WSHRAT CnC Checkin
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-