General

Target: Payment pdf.zip
Size: 246KB
Sample: 210727-3zp21s6rjs
MD5: a1a6542193de32c4447a42d2e57b6f70
SHA1: 70a00d83666f05fbcc245fc11bc93a5fdf5cdfe2
SHA256: 2d6442135af8135536b063c489b54b2212618df06fd8b65b716866f66a8b0d96
SHA512: e5f7e7b5c64d2be1c2df34762e622751809442e1f675305a5d6ae7d453563207965b34dc225d25392f3500588d2ef82be99baa135fdc5ff87ba053f1aff06703
Static task: static1

Behavioral task: behavioral1
Sample: Payment pdf.js
Resource: win7v20210410

Behavioral task: behavioral2
Sample: Payment pdf.js
Resource: win10v20210408
Malware Config

Targets

Target: Payment pdf.js
Size: 1014KB
MD5: f098336e5dbe72f0af2370678bf9be2f
SHA1: cb7d88f11c695a4a69eecaab5ca563c2437ab78d
SHA256: f59e56f5a8735cf57b82bd6a6c76e352edae68f40e19efd1a03cd5fe15b06d4e
SHA512: b6570af35eeddad6b9ca67faf4c4424d5fa49ed5a09863d688d9069928da8121cf1936ad254bfc8cc28e8637c4c1e04604c929d4678e140a348626bd57eb58cf
Score: 10/10
- suricata: ET MALWARE WSHRAT CnC Checkin
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

The two Suricata hits are not two infections: WSHRAT is the JScript rewrite of the VBScript Houdini/H-Worm family and its check-in traffic matches both rules. Together with the Run key, the Startup-folder drop and the script host reaching out to the network, the behaviour is consistent with a WSH-based RAT delivered as a ".js" inside the "Payment pdf.zip" lure.
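The sandbox lists the four host behaviours separately; on a real endpoint the useful signal is seeing them on one script-host process. The following is an added example, not code from the report or from the sandbox, of a small correlation rule over Sysmon-style events. The event shape, the process IDs, the user and paths in the sample events, the list of IP-lookup hostnames and the minimum hit count are all constructed here for the example; the assumption that the ".js" sample is executed by wscript.exe (the default handler for that extension) is also mine, not stated by the report.

```python
"""
Correlate the behaviours the sandbox flagged (script host making network
requests, Run-key persistence, Startup-folder drop, external-IP lookup) on a
per-process basis. Input events are dicts in a Sysmon-like shape; the sample
events below are CONSTRUCTED for this example and not taken from the report.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # Windows Script Host images
SCRIPT_EXT = re.compile(r'\.(?:js|jse|vbs|vbe|wsf)(?=["\s]|$)', re.I)
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Downloads|Public)\\", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Assumed list of public IP-lookup services; extend from your own proxy logs.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ifconfig.me", "checkip.amazonaws.com"}


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def correlate(events):
    """Map pid -> {image, cmdline, hits} for every script-host process seen.

    Only events whose pid belongs to a previously observed script host are
    examined, so a Run-key write by explorer.exe does not score here.
    """
    procs = {}
    for ev in events:
        if ev["type"] == "process_create":
            if image_name(ev["image"]) not in SCRIPT_HOSTS:
                continue
            hits = set()
            cmd = ev["cmdline"]
            # A script executed from a user-writable location is the typical
            # phishing-attachment pattern (zip -> Temp -> wscript.exe).
            if SCRIPT_EXT.search(cmd) and USER_WRITABLE.search(cmd):
                hits.add("script_from_user_writable_path")
            procs[ev["pid"]] = {"image": image_name(ev["image"]),
                                "cmdline": cmd, "hits": hits}
            continue

        proc = procs.get(ev["pid"])
        if proc is None:
            continue
        kind = ev["type"]
        if kind == "registry_set" and RUN_KEY.search(ev["target"]):
            details = ev.get("details", "").lower()
            if SCRIPT_EXT.search(details) or any(h in details for h in SCRIPT_HOSTS):
                proc["hits"].add("run_key_persistence")
        elif kind == "file_create" and STARTUP_DIR.search(ev["target"]):
            proc["hits"].add("startup_folder_drop")
        elif kind == "network_connect":
            proc["hits"].add("script_host_network")
            if ev["dest_host"].lower() in IP_LOOKUP_HOSTS:
                proc["hits"].add("external_ip_lookup")
    return procs


def flagged(procs, min_hits: int = 3):
    """Pids whose script host shows at least min_hits of the behaviours."""
    return sorted(pid for pid, p in procs.items() if len(p["hits"]) >= min_hits)


# Constructed sample telemetry: one process matching the report's behaviours,
# one benign admin script for contrast. 203.0.113.0/24 is documentation space.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\wscript.exe" "C:\Users\victim\AppData\Local\Temp\Payment pdf.js"'},
    {"type": "registry_set", "pid": 4120,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Payment pdf",
     "details": r'wscript.exe //B "C:\Users\victim\AppData\Roaming\Payment pdf.js"'},
    {"type": "file_create", "pid": 4120,
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Payment pdf.js"},
    {"type": "network_connect", "pid": 4120, "dest_host": "api.ipify.org", "dest_port": 80},
    {"type": "network_connect", "pid": 4120, "dest_host": "203.0.113.10", "dest_port": 443},
    {"type": "process_create", "pid": 5001, "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe //nologo C:\Scripts\inventory.vbs"},
    {"type": "file_create", "pid": 5001, "target": r"C:\Scripts\inventory.log"},
]

if __name__ == "__main__":
    result = correlate(SAMPLE_EVENTS)
    for pid in flagged(result):
        print(pid, result[pid]["image"], sorted(result[pid]["hits"]))
```

The rule deliberately keys on the process that *does* the persistence rather than on the Run-key write alone, because installers and legitimate updaters write Run keys all day; a script host that writes a Run key, drops into the Startup folder and then talks to the network in the same session is a far narrower condition. Feed it with your own Sysmon event IDs 1, 3, 11 and 13 mapped onto the four event types.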