General
Target: facturas vencidas.js (Spanish for "overdue invoices", an invoice-themed lure filename)
Size: 909KB
Sample: 211026-y5bzcsace3
MD5: 4002af6477f7e690003fcaa27f1711b5
SHA1: 62bf21de613699c3e43d8db585ea42d34e492dfc
SHA256: c6504bae5d10711f8b818b90eec6eea42a97a0c02129421b5e0b07225c6eca77
SHA512: f5a1d7e8ea6fba6ad4f8faf70690f0450a4daf969263bc9cea94c72f82d22b138b2630e94c0c035a3137e09cb28e5fedffc4fc2fdcfe51f26397f60d14011430
Static task: static1
Behavioral task: behavioral1, sample facturas vencidas.js, resource win7-en-20210920
Behavioral task: behavioral2, sample facturas vencidas.js, resource win10-en-20211014
Malware Config
Extracted family: wshrat (WSH RAT, a JScript-based remote access trojan)
C2: http://titopeo1.duckdns.org:9781 (dynamic DNS hostname, non-standard port)
Targets
Target: facturas vencidas.js
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
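The four signatures above map onto host and network events that a responder can hunt for outside the sandbox. The following is an added example (not part of the sandbox report or of the sandbox's own signature engine): it replays constructed, Sysmon-style events for the behaviours listed and flags them, and it also matches the extracted C2 host and port. The event shape, the field names, the list of script-host binaries treated as "blocklisted", the list of IP-lookup services, and the sample events themselves are all assumptions made for this illustration; only the C2 URL comes from the report.

```python
"""Added triage example for the behaviours flagged in the report above.

Not the sandbox's own code. Event shapes, field names, the script-host list,
the IP-lookup host list and the sample events are assumptions; the C2 URL is
the one extracted in the report's Malware Config section.
"""
import re
from urllib.parse import urlparse

# C2 taken from the report's Malware Config section.
WSHRAT_C2 = "http://titopeo1.duckdns.org:9781"

# Assumed set of script interpreters: a Windows Script Host binary opening
# network connections is what "Blocklisted process makes network request"
# describes for a .js lure like this one.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Persistence locations behind "Adds Run key" and "Drops startup file".
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)

# Assumed list of public services used for external-IP discovery.
IP_LOOKUP_HOSTS = {"ip-api.com", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


def c2_host_port(url):
    """Split the extracted C2 URL into (hostname, port) for matching."""
    u = urlparse(url)
    return u.hostname, u.port


def classify(event):
    """Return the list of signature names a single event matches."""
    hits = []
    image = event.get("image", "").rsplit("\\", 1)[-1].lower()
    kind = event["type"]
    if kind == "network":
        host = event.get("dest_host", "").lower()
        if image in SCRIPT_HOSTS:
            hits.append("Blocklisted process makes network request")
        if host in IP_LOOKUP_HOSTS:
            hits.append("Looks up external IP address via web service")
        c2_host, c2_port = c2_host_port(WSHRAT_C2)
        if host == c2_host and event.get("dest_port") == c2_port:
            hits.append("Contacts extracted WSH RAT C2")
    elif kind == "registry" and RUN_KEY_RE.search(event.get("key", "")):
        hits.append("Adds Run key to start application")
    elif kind == "file" and STARTUP_DIR_RE.search(event.get("path", "")):
        hits.append("Drops startup file")
    return hits


# Constructed sample events (not from the sandbox run): one benign browser
# connection plus the activity a WSH script of this kind would produce.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\facturas vencidas.js"'},
    {"type": "file", "image": r"C:\Windows\System32\wscript.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu"
             r"\Programs\Startup\facturas vencidas.js"},
    {"type": "registry", "image": r"C:\Windows\System32\wscript.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\facturas vencidas"},
    {"type": "network", "image": r"C:\Windows\System32\wscript.exe",
     "dest_host": "ip-api.com", "dest_port": 80},
    {"type": "network", "image": r"C:\Windows\System32\wscript.exe",
     "dest_host": "titopeo1.duckdns.org", "dest_port": 9781},
    {"type": "network", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "www.mozilla.org", "dest_port": 443},
]


def triage(events=SAMPLE_EVENTS):
    """Group matching events by signature name; benign events are dropped."""
    found = {}
    for event in events:
        for sig in classify(event):
            found.setdefault(sig, []).append(event)
    return found


if __name__ == "__main__":
    for sig, evs in triage().items():
        print(f"{sig}: {len(evs)} event(s)")
```

The script-host connection to the C2 and the IP-lookup request each trigger two signatures, which is the expected overlap: the "blocklisted process" rule is about who is talking, the other two about whom it talks to. On a real host, feed the same function with process, registry, file and network events exported from Sysmon or EDR telemetry rather than the constructed list.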