General
Target: Scan0101.js
Size: 1005KB
Sample: 211108-jft2babdh8
MD5: 20688e329a4f62bb845237749bb94071
SHA1: b339e4776b232be49f461ca931fc15a93c124590
SHA256: 6e275579109009e0df24db2a88abf3fffe7a4ce35e4b99450cb2ba3b622a4eef
SHA512: 0ec7fc90a49db982c42f111c19c68615993450e8816f73ef4ae0f9785af0f4d4fdbeedd411c55011c9060928e1a6559d450e0a1a6bfa66aad22f18aa88ca0845
Static task: static1
Behavioral task: behavioral1
Sample: Scan0101.js
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Scan0101.js
Resource: win10-en-20211104
Malware Config
Extracted
wshrat
http://140.228.29.190:7121
Targets
Score: 10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.