General
-
Target
74adc75e58f1ce9864fa9f593887467096ce478150e69c320ce24efbebfe26d6
-
Size
634KB
-
Sample
220130-atzz2scabl
-
MD5
f08b55967cb67843e1220cf95372e1d6
-
SHA1
6f660b008fec1794393415bd82aa49731d8eeeb6
-
SHA256
74adc75e58f1ce9864fa9f593887467096ce478150e69c320ce24efbebfe26d6
-
SHA512
f39c51a0f9d47f63cd33d74dd0fe5d6a0268d3e8def344d2e7feba6f048e0467a28970165f145e33e040634bf877d2d7d81e5735cae0a8c2c40ef34240c1d6bc
Static task
static1
Behavioral task
behavioral1
Sample
74adc75e58f1ce9864fa9f593887467096ce478150e69c320ce24efbebfe26d6.js
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
74adc75e58f1ce9864fa9f593887467096ce478150e69c320ce24efbebfe26d6.js
Resource
win10-en-20211208
Malware Config
Extracted
wshrat
http://dominoduck2107.duckdns.org:9496
Targets
-
Target
74adc75e58f1ce9864fa9f593887467096ce478150e69c320ce24efbebfe26d6
Score
10/10
-
suricata: ET MALWARE Worm.VBS Dunihi/Houdini/H-Worm Checkin 1
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-