General
-
Target
Payment pdf.js
-
Size
1014KB
-
Sample
210727-dhrlrkvde2
-
MD5
f098336e5dbe72f0af2370678bf9be2f
-
SHA1
cb7d88f11c695a4a69eecaab5ca563c2437ab78d
-
SHA256
f59e56f5a8735cf57b82bd6a6c76e352edae68f40e19efd1a03cd5fe15b06d4e
-
SHA512
b6570af35eeddad6b9ca67faf4c4424d5fa49ed5a09863d688d9069928da8121cf1936ad254bfc8cc28e8637c4c1e04604c929d4678e140a348626bd57eb58cf
Static task
static1
Behavioral task
behavioral1
Sample
Payment pdf.js
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Payment pdf.js
Resource
win10v20210408
Malware Config
Targets
-
-
Target
Payment pdf.js
-
Score
10/10
-
suricata: ET MALWARE WSHRAT CnC Checkin
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-