General
Target: BL_SHIPPING_DOC.js
Size: 248KB
Sample: 210823-pc1x7w7r3s
MD5: c895f5dae03d1e6030775e0161975b14
SHA1: 18c28bce01ba6d6e3fce7bdf568baf302dac77df
SHA256: db2ecbc435d932b7947857e4f9108ffe48c7a5af8ad9a34836c9d6cd96193ed0
SHA512: 5ebc550b39310edd80b58ceb155863044c34c569d9c223bc587aed150bc26d65ae7dfc9ce219ae4948fa5efb38abcb525702991e99f0690d4a01522ed55f371d
Static task: static1
Behavioral task: behavioral1 (Sample: BL_SHIPPING_DOC.js; Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: BL_SHIPPING_DOC.js; Resource: win10v20210410)
Malware Config
Extracted: snakekeylogger
Config value: https://api.telegram.org/bot1923344551:AAGJ9MeV4yHipzEdvvxVuepm8PFUNaCZez4/sendMessage?chat_id=1208289397
Targets
Target: BL_SHIPPING_DOC.js
Size: 248KB
MD5: c895f5dae03d1e6030775e0161975b14
SHA1: 18c28bce01ba6d6e3fce7bdf568baf302dac77df
SHA256: db2ecbc435d932b7947857e4f9108ffe48c7a5af8ad9a34836c9d6cd96193ed0
SHA512: 5ebc550b39310edd80b58ceb155863044c34c569d9c223bc587aed150bc26d65ae7dfc9ce219ae4948fa5efb38abcb525702991e99f0690d4a01522ed55f371d
Signatures:
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.