General
Target
PO 21.18.0047 -(APPROVAL).js
Size
45KB
Sample
211018-h5597seagl
MD5
8547af690a9b533d6acd08360f5b18d5
SHA1
fe393629e5df70bcfef741a70432af6c6a528b27
SHA256
e61713ffb39c48f5a162cbd0635b869bbd9b318ee3ac47a5a62490b572752b7a
SHA512
7dcab08f69aaefd585a31cf3636a6fe252a9efa18dd5e587f269ea5ccb8648a5daaa4c9302bc2a22f35fe48ac590a07b1192d7aed7eb7b2badb801b39b37552d
Static task
static1
Behavioral task
behavioral1
Sample
PO 21.18.0047 -(APPROVAL).js
Resource
win7-en-20210920
Malware Config
Extracted
wshrat
http://jahblessrtd4ever.home-webserver.de:1604
Targets
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
Blocklisted process makes network request
Drops startup file
Adds Run key to start application