General

Target: launcher service.js
Size: 884KB
Sample: 211210-c1v1sagdhp
MD5: 8dce2fac1cdb56ef997f0c4f8065f82e
SHA1: da01f70d7035a8e8421d2296c7b481dc6dcb2b09
SHA256: 6774ae9c26be549fc9096af5859d3e1614b2ce6993fde4ee85b7301134161411
SHA512: cb622198fee5d9810e6762f82c78da1a3868b1b67061d788b1af124f6f39456de73b7ba90452098983ff32762f28d471b1c546d228a393cf7364e1babfaac6a3
Static task: static1

Behavioral task: behavioral1
Sample: launcher service.js
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: launcher service.js
Resource: win10-en-20211208
Malware Config

Extracted family: wshrat
C2: http://ben738sj11xz.mywire.org:5478

The C2 host sits under the mywire.org dynamic-DNS domain, so the address it resolves to can change between runs; block or alert on the hostname and port rather than on a snapshot of the resolved IP.
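The following is an added example, not part of the sandbox report and not code from the sample: it checks web-proxy log lines against the C2 extracted above. The C2 URL is the one in the Malware Config. The shape of the check-in (victim details carried in the User-Agent, separated by "<|>", first request to /is-ready) is taken from public write-ups of the Houdini/H-Worm/WSHRAT family, not from this page, and is treated as an assumption; the log lines are constructed for the example.

```python
"""Match web-proxy log lines against the WSHRAT C2 extracted in this report.

Added example; not part of the sandbox report or of the malware. The "<|>"
User-Agent layout and the /is-ready path are assumptions taken from public
reporting on the Houdini/H-Worm/WSHRAT family. The log lines are constructed.
"""
import re
from urllib.parse import urlparse

# C2 as extracted by the sandbox (report's Malware Config section).
C2_URL = "http://ben738sj11xz.mywire.org:5478"

# Houdini-style User-Agent: hwid<|>hostname<|>user<|>os<|>... (assumption from
# public reporting). Require at least six "<|>"-separated fields so that a
# stray "<|>" in an ordinary User-Agent does not trip the rule.
HOUDINI_UA = re.compile(r"^[^<|>]+(?:<\|>[^<]*){5,}$")

# Constructed proxy log: tab-separated timestamp, client, method, url, status, user-agent.
SAMPLE_LOGS = [
    "2021-12-10T09:14:02Z\t10.0.0.15\tPOST\thttp://ben738sj11xz.mywire.org:5478/is-ready\t200\t"
    "A1B2C3D4_WIN7-PC<|>WIN7-PC<|>alice<|>Microsoft Windows 7<|>plus<|>Windows Defender<|>false<|>false",
    "2021-12-10T09:14:05Z\t10.0.0.15\tGET\thttp://www.example.org/index.html\t200\t"
    "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/94.0",
    "2021-12-10T09:14:09Z\t10.0.0.22\tGET\thttp://ben738sj11xz.mywire.org:5478/\t200\tMozilla/5.0",
    "2021-12-10T09:15:40Z\t10.0.0.31\tPOST\thttp://203.0.113.9/is-ready\t200\t"
    "F00DBABE_LAPTOP<|>LAPTOP<|>bob<|>Microsoft Windows 10<|>plus<|>Nod32<|>true<|>false",
]


def c2_indicators(url):
    """Return (hostname, port) for a C2 URL, defaulting the port by scheme."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.hostname.lower(), port


def classify(line, c2):
    """Return the list of reasons a log line is suspicious (empty if clean).

    Lines that do not parse are reported as "unparsed" rather than dropped,
    so a log format change does not silently blind the check.
    """
    try:
        _ts, _client, _method, url, _status, ua = line.split("\t", 5)
    except ValueError:
        return ["unparsed"]
    p = urlparse(url)
    host = (p.hostname or "").lower()
    port = p.port or (443 if p.scheme == "https" else 80)
    reasons = []
    if (host, port) == c2:
        reasons.append("c2-host")          # exact match on the extracted C2
    if HOUDINI_UA.match(ua):
        reasons.append("houdini-ua")       # family-wide, catches other C2s too
    if p.path == "/is-ready":
        reasons.append("is-ready-path")    # weak on its own; useful with the others
    return reasons


def scan(lines):
    """Return [(line_number, reasons)] for every line with at least one reason."""
    c2 = c2_indicators(C2_URL)
    hits = []
    for number, line in enumerate(lines, 1):
        reasons = classify(line, c2)
        if reasons:
            hits.append((number, reasons))
    return hits


if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOGS):
        print(f"line {number}: {', '.join(reasons)}")
```

Line 4 of the constructed log is the point of the family-level pattern: it talks to a different C2 than the one extracted here, and the hostname match alone would miss it.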
Targets

Target: launcher service.js
Size: 884KB
Hashes: identical to those listed under General above (MD5 8dce2fac1cdb56ef997f0c4f8065f82e, SHA256 6774ae9c26be549fc9096af5859d3e1614b2ce6993fde4ee85b7301134161411)
Score: 10/10
- suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1 (reported twice, consistent with one hit per behavioral task)
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
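The two persistence signatures above ("Drops startup file", "Adds Run key to start application") are what a responder would check for on other hosts. The following is an added example, not part of the sandbox report: it hunts for script-host persistence in text shaped like the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and in a listing of the per-user Startup folder. The sample lines are constructed; the Run value name "launcher service" and the drop path under AppData are assumptions for the example, not values taken from the report.

```python
r"""Hunt for script-host persistence (Run key and Startup folder).

Added example; not part of the sandbox report. Input is text in the shape of
`reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output and a
list of Startup-folder paths. Sample data is constructed; the value name and
drop path are assumptions, not values from the report.
"""
import re

# A dropped .js/.vbs needs one of these to run at logon.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")
# Directories a non-admin user can write to; the usual drop locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# `reg query` prints: <indent><value name><2+ spaces><type><spaces><data>
REG_LINE = re.compile(r"^\s*(?P<name>.+?)\s{2,}(?P<type>REG_SZ|REG_EXPAND_SZ)\s+(?P<data>.*)$")
# Command-line tokens: a double-quoted string or a run of non-whitespace.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Constructed `reg query` output for the per-user Run key.
SAMPLE_REG_QUERY = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'    launcher service    REG_SZ    wscript.exe //B "C:\Users\alice\AppData\Roaming\launcher service.js"',
    r"    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe",
]
# Constructed listing of the per-user Startup folder.
SAMPLE_STARTUP = [
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\launcher service.js",
]


def tokens(cmd):
    """Split a Windows command line, keeping quoted paths with spaces intact."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def classify_command(cmd):
    """Return reasons a Run-key command looks like script persistence."""
    toks = tokens(cmd)
    if not toks:
        return []
    reasons = []
    # Executable name only, whether or not the value carries a full path.
    exe = toks[0].rsplit("\\", 1)[-1].lower()
    if exe in SCRIPT_HOSTS:
        reasons.append("script-host")
    if any(t.lower().endswith(SCRIPT_EXTS) for t in toks):
        reasons.append("script-file")
    if any(marker in cmd.lower() for marker in USER_WRITABLE):
        reasons.append("user-writable-path")   # supporting signal, not decisive alone
    return reasons


def scan_run_keys(lines):
    """Return [(value_name, reasons)] for Run values that invoke a script."""
    hits = []
    for line in lines:
        m = REG_LINE.match(line)
        if not m:
            continue   # key header or blank line
        reasons = classify_command(m["data"])
        if "script-host" in reasons or "script-file" in reasons:
            hits.append((m["name"], reasons))
    return hits


def scan_startup_folder(paths):
    """Return Startup-folder entries that are script files; these are rarely legitimate."""
    return [p for p in paths if p.lower().endswith(SCRIPT_EXTS)]


if __name__ == "__main__":
    for name, reasons in scan_run_keys(SAMPLE_REG_QUERY):
        print(f"Run value {name!r}: {', '.join(reasons)}")
    for path in scan_startup_folder(SAMPLE_STARTUP):
        print(f"Startup script: {path}")
```

The OneDrive entry in the constructed data lives under AppData too, which is why a path under a user-writable directory is recorded only as a supporting reason and never flags an entry by itself.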