General
-
Target
1F7E9C6AED2B8CB929E3677818BD2B72142254E17F790.exe
-
Size
469KB
-
Sample
211223-y8ejnacdcl
-
MD5
919665137e771d9c738303058e2bc373
-
SHA1
d9f4293de1f8561e3528cb1adeec1e93208ce8e7
-
SHA256
1f7e9c6aed2b8cb929e3677818bd2b72142254e17f79007f984bb1b8472d99c8
-
SHA512
f888daa97d95ba895cca667b91f2ad3db46dff586c9bb18dea1bc5a8bc3e9cd802ac331b4ee549fd4f8a391ec2c72fdb6a952f8ee3515858930f68d505bd6091
Static task
static1
Behavioral task
behavioral1
Sample
1F7E9C6AED2B8CB929E3677818BD2B72142254E17F790.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
1F7E9C6AED2B8CB929E3677818BD2B72142254E17F790.exe
Resource
win10-en-20211208
Malware Config
Extracted
wshrat
http://strserver1.duckdns.org:8001
Targets
-
-
Target
1F7E9C6AED2B8CB929E3677818BD2B72142254E17F790.exe
Score
10/10
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-