General
Target
b04ebbaab95d8941912761529774630b138c48e08c55462dc1191c5258d909fd
Size
38KB
Sample
220121-3ahkwacfb4
MD5
9169f8cabbd35be6b85b44499d3d02c1
SHA1
a3cdbca8c3636bc783ad9ff2ce190befbcce9230
SHA256
b04ebbaab95d8941912761529774630b138c48e08c55462dc1191c5258d909fd
SHA512
f837048468da4ef82ffd2e7935a5cb4d21cdeffb3c91b6105e58041ffd38c24a0b7452885a60924765ad3ecf8af238209aca5308e5de319fe3d6a1982d2d6839
Static task
static1
Behavioral task
behavioral1
Sample
GH2-19062016_PO_TOP URGENT.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
GH2-19062016_PO_TOP URGENT.js
Resource
win10-en-20211208
Malware Config
Extracted
wshrat
http://ghostwsh4191.ddns.net:4191
Targets
Target
GH2-19062016_PO_TOP URGENT.js
Size
104KB
MD5
c4a3c287a91653de36fe458599b226e3
SHA1
5da2f1e0f11a82df50d970db65d48c9575d3111a
SHA256
345e93e6986cea0e9f2ce63ec4d2c6b34afe35c3300f7802b92176bafdc5a84c
SHA512
c3662f002f2969bda521d0b607d9686c2ccbb1b687865658f3b9789246dbcddb5664046e00308569e9c5accf177008de88214bba35eb0c1c587356b1b5adb5c6
Score
10/10
Blocklisted process makes network request
Drops startup file
Adds Run key to start application