General
Target: Signed agreement documents.js
Size: 272KB
Sample: 211205-h9qejscbbk
MD5: c15a7e48753b74413ffd8c4bedebf689
SHA1: 0673e275a19a4f35b09c24941cf9baaae57e3b36
SHA256: 37dea53db80a227936238a3e43a474a48114b3f209cf2d44606735a5cfecf727
SHA512: e3d7ed11f895999c564d34aba8ae293dae8ab1e3498f32cdbbb6af828d4550971db2c1ab903315461be58afdb0a8fd1f5a7eeea81869f68d473df32b45c2fde0
Static task
static1
Behavioral task
behavioral1
Sample
Signed agreement documents.js
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Signed agreement documents.js
Resource
win10-en-20211014
Malware Config
Targets
-
-
Target
Signed agreement documents.js
-
Blocklisted process makes network request
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-